[ntp:questions] Recompiling ntp with FIPS openssl

Gellatly, Anna anna.gellatly at Polycom.com
Tue Dec 15 17:41:18 UTC 2009

Thanks Dave for pointing me in a direction (I hate being directionless)

Hello Dave and all -

Regarding the potentially missing libcrypto.so ...
I have run ldd on a ntpd versions I have (pre-upgraded/non openssl fips and upgraded/openssl FIPS) and see this list

Working ntpd version 4.2.2p1-9

Non-working nptd version 4.2.4p7

I don't understand why libcrypto is not included in my newly built ntpd? All libs in my newly created ntpd are found.
I am in experimental mode and have changed my configure line to this
./configure --with-openssl-libdir=/tmp/openssl/lib --with-openssl-incdir=/tmp/openssl/include/openssl --with-crypto=openssl CPPFLAGS="-I/tmp/openssl/include -L/tmp/openssl/lib" LDFLAGS=-L/tmp/openssl/lib
I get the same library results with this configure line.

Any further ideas you might have would be greatly appreciated.


-----Original Message-----
From: Dave Hart [mailto:davehart at gmail.com] 
Sent: Monday, December 14, 2009 8:45 AM
To: Gellatly, Anna
Cc: questions at lists.ntp.org
Subject: Re: [ntp:questions] Recompiling ntp with FIPS openssl

On Thu, Dec 10, 2009 at 17:26 UTC, Gellatly, Anna wrote:
> I have compiled and installed the fips compliant openssl to
> /tmp/openssl.
> configure -with-openssl-libdir=/tmp/openssl/usr/local/ssl/fips/lib
> -with-openssl-incdir=/tmp/openssl/usr/local/ssl/fips/include/openssl
> make
> make intsll prefix=/tmp/ntp
> I have packaged what was placed in /tmp/ntp and installed it on a system
> with the fips compliant openssl installed
> When I launch ntpd with the following command line
> /usr/sbin/ntpd -c /etc/ntp.conf.vmware -u ntp:ntp -p /var/run/ntpd.pid
> The ntpd.pid file is created but the process does not launch (the pid in
> the .pid file does not exist when running ps -ef | grep ntp).

Presumably the resulting ntpd binary has a reference to a
libcrypto*.so.  I'm betting that reference is to
/tmp/openssl/.../libcrypto*.so, and that file is not present in that
location on the target system.

Dave Hart

More information about the questions mailing list