On Wed, Nov 14, 2012 at 12:32 PM, Nou Dadoun <ndad...@teradici.com> wrote: > Hi folks, > > We have several projects that use openssl in both FIPS-mode and > non-FIPS-mode; one of the projects that we have that does not use FIPS-mode > is one that uses the Boost ASIO library in which we can reach done into the > openssl properties to get properties and operations that aren't provided > directly by Boost. This project currently uses openssl 0.9.8x. > > We're interested in moving this project to run in FIPS-mode (with a > corresponding openssl version upgrade) and I was wondering if anyone here had > experience in setting up a Boost project to run in FIPS-mode. Any general > comments? ... N > On Windows, you will likely have problems with Boost. I could not get Boost to compile properly due to problems with their preprocessor macros (“Mixing a dll boost library with a static runtime is a really bad idea…”, http://stackoverflow.com/questions/9527713/mixing-a-dll-boost-library-with-a-static-runtime-is-a-really-bad-idea).
Boost also lacks thread safety, so I'm skeptical about ASIO reaching into OpenSSL (for which you provide locks). Boost does have threading support, which is almost completely broken the last time I checked (I actually audited it about a year ago). Its full of Comp Sci 101 mistakes. The library did not validate parameters and ignored return values on critical code paths. Don't believe all the Fan Boi chatter about quality as Boost seems to lack a QA process. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
