Hi Dr. Henson. Thanks for your reply. I will take a look at newer snapshots. We have two different deployments we are working with, one which links statically against the librypto and libssl, and second one which links statically (with a wrapper library which we are using /fixed with).
The certificate signature is SHA1 with RSA. The subject public key is RSA 1024. Thanks for your advice. +-+-+-+-+-+-+-+-+- Dave McLellan, VMAX Software Engineering, EMC Corporation, 176 South St. Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749 Office: 508-249-1257, Mobile: 978-500-2546, dave.mclel...@emc.com +-+-+-+-+-+-+-+-+- -----Original Message----- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Tuesday, February 25, 2014 5:14 PM To: openssl-users@openssl.org Subject: Re: OpenSSL 1.0.1e with FIPS 2.0 and Visual Studio 2012 -- has anyone made this work for Win32? On Tue, Feb 25, 2014, mclellan, dave wrote: > Very high level question: We are using OpenSSL 1.0.1e with FIPS 2.0 and > VS2012. Our Windows 64 bit proprietary client/server with SSL works fine, > as do all our Linux platforms (FIPS only in use on Windows and Linux). > > In Win32 we are seeing: > > 1. Intermittent FIPS_mode_set failures - fingerprint doesn't match > Try a recent 1.0.1 snapshot. The use of /fixed might resolve this. > 2. When FIPS_mode_set() works, we get certificate signature validation > errors. More details on request. > Is the certificate using an unapproved algorithms like MD5? If not please give more details. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
