Hi All, Ours is a client server application, with Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.8. The Server has been modified to suit our needs using C++. Its entry point is Init_Instance(). Apache has its own entry point main(). The client is a MFC application.
Now I want to upgrade openssl so that I can use FIPS mode of operation. Hence I am trying to use OpenSSL/0.9.8j-fips library. I want to know where the fips_mode_set() API call should be made among the two entry points. 1. If the fips_mode_set() API is called in main() i.e. the entry point of Apache, then the server exits with error. The log file entry shows "Failed to generate temporary 512 bit RSA private key" "Seeding PRNG with 0 bytes of entropy". 2. If the fips_mode_set() API is called in Init_Instance() then, when I connect from my client application, it fails to connect. And when I debug I find that ssl_accept() in ssl_engine_io.c fails, with error code 5. Also, if the server page is accessed from Internet Explorer, then the server crashes trying to free memory!! Can anybody tell me the correct place to make this call and also how to solve the above issues? Thanks & Regards, Uma Nayak ________________________________ http://www.mindtree.com/email/disclaimer.html
