How to build Node.js binary with FIPS-compliant OpenSSL?

[raydenx]

• Node.js Version: v6.11.1
• OS: 3.8.13-118.13.3.el6uek.x86_64
• Scope (install, code, runtime, meta, other?): install
• Module (and version) (if relevant):

Is it possible to build Node.js binary with FIPS support and install it on another machine?
I followed steps provided at https://github.com/nodejs/node/blob/master/BUILDING.md#building-nodejs-with-fips-compliant-openssl

These steps are working fine for me. But this will install node on the machine where it's being built.

Running

CONFIG_FLAGS="--openssl-fips=/usr/local/ssl/fips-2.0" make -j4 binary

after following steps listed at https://github.com/nodejs/node/blob/master/BUILDING.md#building-nodejs-with-fips-compliant-openssl seems to take care of building binary that can be installed on another compatible machine, but I want to make sure I'm not missing something here.
Thanks.

[addaleax]

/cc @nodejs/crypto

[sam-github]

I don't understand the question, you seem to have said everything worked, but you are wondering if you did it right?

Not sure why you used CONFIG_FLAGS= instead of ./configure ...

[raydenx]

Yes, I am wondering if I did it right.
binary target executes ./configure without openssl-fips option. That's why I used CONFIG_FLAGS

[gireeshpunathil]

@raydenx - is your issue still outstanding, or is it resolved? please let me know.

[raydenx]

CONFIG_FLAGS="--openssl-fips=/usr/local/ssl/fips-2.0" make -j4 binary
worked for me. Noone really confirmed it is the right command but I will just assume yes.

[gireeshpunathil]

/cc @mhdawson for confirmation.

[gireeshpunathil]

./configure --help has this section:

--openssl-fips=OPENSSL_FIPS
                        Build OpenSSL using FIPS canister .o file in supplied folder

So either your way or ./configure --openssl-fips=/usr/local/ssl/fips-2.0 should work.

Hope this helps.

[gireeshpunathil]

closing as answered, please let me know if this is outstanding.