[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HTCondor-users] Condor_master aborting because of FIPS mode

So after my previous question about the library paths and the related response (in early August), I went off and did more tinkering and seem to have gotten something that works. Was able to get condor_master, etc. started, and was able to submit and run some test jobs on this one machine. I then proceeded to "ignore" the mailing list for the next month and didn't see that Tim mentioned the link below about the FIPS build tarballs until this week. So I thought, great, this would probably be a better/cleaner install of the Condor system than what I hacked together from the FIPS compliant RPMs mentioned earlier in the thread.

So I proceeded to download the FIPS enabled tarball (The location though seems to have changed to https://research.cs.wisc.edu/htcondor/tarball/v8.8/8.8.9/fips however). I used the CentOS7 one for the RHEL 7 system that I was using. I changed my condor link to point to the appropriate location. Copied over my condor_config macro files. I then attempted to start the condor service which failed. The MasterLog was showing a Signal 6 (Abort). When I attempted to start condor_master manually it gave me 

md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode.

The same problem that started this whole thread. A day or so later I noticed that there was a 8.8.10/fips tarball also available. I went through the same steps today with that but ended up with the same result. These FIPS compliant tarballs seem to be acting like the normal distribution ones.

>You will find the FIPS compliant tarballs in: