Kyle, I am not sure what you are referring to when you say, 'application binary', my application binary or the OpenSSL-fips binary. Anyways, here is the info with what I have understood.
1. My application binary (i.e. my client server application XYZ) is the same on both the systems. 2. On both the systems, OpenSSL-fips libraries are the same. i.e. it is built using no-asm option and put on both these systems. I can remove SSE2 codepath from OpenSSL-fips even for systems which support SSE2 right? Regards, Uma -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Monday, March 30, 2009 1:09 PM To: openssl-users@openssl.org Subject: Re: Server crash while starting service Have you made sure that the version of the application binary that you're using on the second system is the same as the one that you just built to not require SSE2? -Kyle H On Mon, Mar 30, 2009 at 12:09 AM, Uma G. Nayak <uma_na...@mindtree.com> wrote: > Thanks a lot, to you guys out there. This solved the problem on one of the > machines, which used to say, UNSUPPORTED PLATFORM. Now even my AMD processor > is able to run my application in FIPS mode. > > Now I am off to have a look at the problem in the second system, which fails > to start my application, even though all settings are same as those in the > working systems. :) > > Regards, > Uma > > -----Original Message----- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson > Sent: Thursday, March 26, 2009 5:44 PM > To: openssl-users@openssl.org > Subject: Re: Server crash while starting service > > On Thu, Mar 26, 2009, Uma G. Nayak wrote: > >> That was very clear and great help Kyle!! Even though I had spent time on >> Security Policy earlier, the build procedure was not clear, atleast for me, >> until now. >> >> If you wouldn't mind, could you answer one more question of mine? >> >> I want to use the libeay32.dll and ssleay32.dll from the above build in my >> application. Now, is it sufficient if I use the Openssl-fips-1.2 dlls or >> should I use it with Openssl-0.9.8j module? Because I had read about it in >> one of the replies in this forum, that Openssl-fips-1.2 is to be used in >> conjunction with Openssl-0.9.8j. >> > > Yes you should always use the 1.2 module in conjunction with the latest > version of OpenSSL. > > The version of OpenSSL which came with the 1.2 tarball is an old version of > 0.9.8 and many security and bug fixes have been made since then. > >> If this is true, should I build Openssl-0.9.8j using Openssl-fips-1.2 >> libraries? Again what is the build procedure for this? >> >> I used to follow the below steps for Openssl-0.9.8j: >> >> perl Configure VC-WIN32 no-asm fips --with-fipslibdir=<path of >> Openssl-fips-1.2 dlls> ms\do_ms vcvars32.bat nmake -f ms\ntdll.mak >> > > Yes that's fine but use the latest 0.9.8k release. > > > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > http://www.mindtree.com/email/disclaimer.html > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org http://www.mindtree.com/email/disclaimer.html ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
