This document is related to the issue ticket is Being a co-maintainer of the ruby/openssl for the OpenSSL FIPS mode. See also "What is FIPS". How to debug with OpenSSL 3 FIPS Below are the steps to debug Ruby OpenSSL binding (ruby/openssl) with OpenSSL 3 with FIPS enabled. Install OpenSSL from the source Build and install OpenSSL from the source with the FIPS option. See the official configuration options document for details. --libdir=lib: This option changes the default library directory name "lib64" in x86_64 to "lib". It's useful when you access from the Ruby OpenSSL binding. Because the mkmf#dir_config executed by --with-openssl-dir=<path> in the later step below expects the "lib" as a default. See the code. enable-fips: Enabling FIPS

The detailed info of the OpenSSL RPM $ rpm -q openssl openssl-3.0.8-1.fc37.x86_64 $ which openssl /bin/openssl You can check the used compiler and the flags. $ openssl version -a OpenSSL 3.0.8 7 Feb 2023 (Library: OpenSSL 3.0.8 7 Feb 2023) built on: Thu Feb 9 00:00:00 2023 UTC

3 OpenSSL-related talksOpenSSL's Journey recommendedOpenSSL 3.0 => FIPS 140-2 OpenSSL 3.1 => FIPS 140-3 OpenSSL 3.2 => QUIC (a replacemnt of TCP + TLS) Migration of OpenSSL with source-git A lightning talk: How to use the source-git (Packit) to update the dist-git rpms/openssl easily. OpenSSL 3 providers The introduction of the OpenSSL 3 providers feature.This is related to the configuration file of FIPS. The FIPS configuration file has the base and fips providers.

Way 1 Build the Ruby. $ cd ~/git/ruby/ruby $ ./configure ... $ make -j$(nproc) Run a unit test with RUN_OPTS=-rdebug/start.

The document is here. The installation document is here. This document is created in Feodra Linux 37. $ sudo dnf install systemtap systemtap-runtime $ sudo stap-prep $ cat ~/script/stap/hello.stp #! /usr/bin/env stap probe oneshot { println("Hello!") } $ sudo stap ~/script/stap/hello.stp Hello! Add groups to run a stap script by a regular user