Also, on question b: No. You need to build a compatible version of openssl as specified in the User Guide, and link that version. FIPS_mode_set() tells the library to always and only use the implementations in the FIPS canister; the canister does not replace the library entirely.
-Kyle H
On Wed, Jul 3, 2019, 11:55 Dipak B <deepak.redmi2@xxxxxxxxx> wrote:
Dear Experts,Can you please help me with the following question?My win32 desktop application uses 'libcurl' to interact with web service, in order to get my application FIPS 140-2 certified, following is the plan which I arrived at after going through the 'User Guide' and 'Security Policy' pdfs.Plan:a. After verifying HMAC-SHA1 of openssl-fips-2.0.16.tar.gz, build it to generate fipscanister.lib (FOM) as windows static library.b. Build libcurl as windows static library using above fipscanister.libc. Link my desktop application with above libcurl.lib after adding FIPS_mode_set()Questions:a. On following points a, b,c, can I confirm that my application is FIPS 140-2 certified?b. fipscanister.lib is always static library and it can be substituted for libssl.lib / ssleay.lib?Thank you,Deepak
