[Bug 271656] [exp-run] with OpenSSL 3.0 in the base system

From: <bugzilla-noreply_at_freebsd.org>
Date: Sat, 08 Jul 2023 20:54:10 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271656

--- Comment #54 from Pierre Pronchery <khorben@defora.org> ---
(In reply to Guido Falsi from comment #53)
I have managed to track down the issue, and make the FIPS provider work on
FreeBSD.
Here is a copy of my comment on GitHub's #787 PR to this effect:
(https://github.com/freebsd/freebsd-src/pull/787)

> I just confirmed that the FIPS module can be configured to load correctly, with this pull-up request applied, on my local amd64 machine:
> 
> * Enabling the FIPS provider in `openssl.cnf` disables the default module, so make sure it has `activate = 1` in its section.
> * The default module is required for `openssl fipsinstall`, otherwise no HMAC provider is available to generate the corresponding configuration file. (Defaults to `fips.cnf`)
> * The output of `openssl fipsinstall` (the configuration file) needs to be installed in e.g., `/etc/ssl/fipsmodule.cnf` and included by `openssl.cnf` in order for the FIPS provider to work. (Check the provider's section name to be correct and matching that of `fipsmodule.cnf`, e.g., `fips_sect`)
> * The configuration file depends on the binary code of the `fips.so` provider module, therefore in order for FreeBSD to ship a working FIPS provider by default, `openssl fipsinstall` (or an equivalent) has to be executed to generate it once all of OpenSSL is done building.

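The layout described in the quoted comment can be checked mechanically. The following is an added example, not code from the bug report, FreeBSD or OpenSSL: a small Python check over constructed sample files. The section names `openssl_init`, `provider_sect` and `default_sect` are assumptions (the conventional names from a stock `openssl.cnf`); `fips_sect` and `/etc/ssl/fipsmodule.cnf` are taken from the comment.

```python
import re

def parse(text):
    """Minimal OpenSSL config reader: ({section: {key: value}}, [included paths])."""
    sections, includes, cur = {"": {}}, [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        inc = re.match(r"\.include\s*=?\s*(\S+)", line)
        sec = re.match(r"\[\s*([^\]]+?)\s*\]$", line)
        if inc:
            includes.append(inc.group(1))
        elif sec:
            cur = sec.group(1)
            sections.setdefault(cur, {})
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            sections[cur][key] = value
    return sections, includes

def check_fips_config(openssl_cnf, fipsmodule_cnf, fipsmodule_path):
    """Return a list of problems; empty when the layout matches the comment."""
    main, includes = parse(openssl_cnf)
    fips, _ = parse(fipsmodule_cnf)
    problems = []
    if fipsmodule_path not in includes:
        problems.append("fipsmodule.cnf is not included by openssl.cnf")
    init = main[""].get("openssl_conf")
    providers = main.get(main.get(init, {}).get("providers"), {})
    fips_name = providers.get("fips")
    if fips_name is None:
        problems.append("fips provider is not listed")
    elif fips_name not in fips:
        problems.append(f"[{fips_name}] does not exist in fipsmodule.cnf")
    # Looks for the literal 'activate = 1' that the comment names.
    if main.get(providers.get("default"), {}).get("activate") != "1":
        problems.append("default provider lacks activate = 1")
    return problems

# Constructed sample files; the module-mac value is a placeholder.
FIPSMODULE_CNF = "[fips_sect]\nactivate = 1\nmodule-mac = <placeholder>\n"
GOOD_CNF = (
    "openssl_conf = openssl_init\n.include /etc/ssl/fipsmodule.cnf\n"
    "[openssl_init]\nproviders = provider_sect\n"
    "[provider_sect]\nfips = fips_sect\ndefault = default_sect\n"
    "[default_sect]\nactivate = 1\n"
)
BAD_CNF = GOOD_CNF.replace("fips = fips_sect", "fips = fips_section") \
                  .replace("activate = 1", "# activate = 1")
```

`BAD_CNF` reproduces two of the pitfalls listed above: a provider section name that does not match `fipsmodule.cnf`, and a default provider left without `activate = 1`.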