I need to run apache in fips 140-2 mode and I am following the instructions given here: https://wiki.openssl.org/index.php/FIPS_Library_and_Apache
However I am using a newer version of apache, I have these packages instead of the ones listed in the wiki:
- openssl-fips-2.0.16.tar.gz
- openssl-1.0.2n.tar.gz
- httpd-2.4.29.tar.gz
- apr-util-1.6.1.tar.gz
- apr-1.6.3.tar.gz
- pcre-8.41.tar.gz
Everything works fine until I attempt a make on the httpd package and it then fails. If I run a make without the two exports for the fingerprints, it completes without issue:
- export CC=/usr/local/ssl/fips-2.0/bin/fipsld
- export FIPSLD_CC=/usr/bin/gcc
However as the wiki describes when you enable SSLFIPS in httpd.conf it will fail to start with the fingerprint issue without these variables set. But when I attempt to run a make with these exports I get the following error:
/root/httpd-2.4.29/srclib/apr/libtool --silent --mode=link /usr/local/ssl/fips-2.0/bin/fipsld -g -O2 -pthread -L/usr/local/ssl/lib -lssl -lcrypto -luuid -lrt -lcrypt -lpthread -ldl \
-o ab ab.lo /root/httpd-2.4.29/srclib/apr-util/libaprutil-1.la -lexpat /root/httpd-2.4.29/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lm
./.libs/ab: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory
Makefile:73: recipe for target 'ab' failed
make[2]: *** [ab] Error 127
make[2]: Leaving directory '/root/httpd-2.4.29/support'
/root/httpd-2.4.29/build/rules.mk:75: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/root/httpd-2.4.29/support'
/root/httpd-2.4.29/build/rules.mk:75: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
I'm no expert in compiling apache, so no idea why it fails when using those exported variables. Can anyone help?