Hi,
Thank you for the quick answer.
Both the questions have subtle difference. My apology they appear almost same.
So, to clear my doubts, following is my understanding
a) An application is FIPS 140-2 certified if and only if it links directly to 'fipscanister.lib'.
b) Application which links to 'libcurl.lib' and has no direct called to OpenSSL can be called as FIPS 140-2 certified if and only if the
libcurl.lib used is generated using 'fipscanister.lib'
Not To be said / just repetition
Application linking with ssleay.lib from FIPS capable OpenSSL is not FIPS 140-2 certified.
Regards,
Deepak
On Wed, Jul 3, 2019 at 10:37 PM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
Didn’t you just ask this question? :)
If you followed the Win32 build instructions *exactly* and you build your application to turn on FIPS mode and link against the canister, then yes.
If you made changes to the process, then no.
