On Fri, Feb 23, 2007, Wei Weng wrote:

> Chris: Thanks for the reply.
> 
> Here is the thing I want: I need to build an openssl library that is fips 
> capable so that I can link libcurl against the library, since libcurl 
> uses openssl library to do the decode/encode stuff.
> 
> I am guessing that I will need to build my own openssl library that 
> is linked against the FIPS module.
> 

This has been mentioned before but it is worth repeating. Just linking an
application with a FIPS compliant version of OpenSSL is *NOT* sufficient to
make the application compliant. 

The application has to adhere to the security policy.

This among other things requires the application to enable FIPS mode, which a
typical application will not do. One of several effects of entering FIPS mode
is to disable the use of non-FIPS algorithms: this may cause problems where
the application expects to use such algorithms and cannot gracefully handle
errors.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
