Steve: As I think you know, I've built FIPS-capable libcurl for Windows and curl for HP-UX. I'm currently building FIPS-capable curl on Solaris 9 and, among other mods to curl, I inserted the call to FIPS_mode_set() after the call to Curl_pretransfer(data) in the function Curl_perform() in the file lib/transfer.c. When I read this thread, I was curious, so I searched in *.c and *.h files in my 7.18.2 curl project for SSL_library_init() and failed to find it. Then searched for it in openssl-0.9.7m and failed to find it there either. So, before I go any further, what am I missing here?
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Steve Marquess Sent: Sunday, September 14, 2008 2:36 PM To: openssl-users@openssl.org Subject: Re: FIPS_mod_set() before/after SSL_library_init() ? Robert Sicoie wrote: > Hi, > > I'm building cURL with FIPS capable OpenSSL module. I'm calling > FIPS_mode_set function to enable FIPS somewhere after SSL_library_init() > has already been called. The binary file is working fine, but is there a > problem that the FIPS mode is turned on after SSL_library_init() but > before connecting to the remote host? > > FIPS_mode_set function must be called before SSL_library_init()? > No, FIPS_mode_set() can be called afterwards. In can even be called long afterwards, after performing crypto operations in regular (non-FIPS) mode. -Steve M. -- Steve Marquess Open Source Software institute [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
