@@ -137,6 +137,7 @@ section titled `/* Configuration */`:
137137```
138138#define WOLFSSL_JNI
139139#define HAVE_EX_DATA
140+ #define OPENSSL_EXTRA
140141#define OPENSSL_ALL
141142#define HAVE_CRL
142143#define HAVE_OCSP
@@ -146,9 +147,16 @@ section titled `/* Configuration */`:
146147#define HAVE_DH
147148#define WOLFSSL_CERT_EXT
148149#define WOLFSSL_CERT_GEN
150+ #define WOLFSSL_KEY_GEN
151+ #define WOLFSSL_CERT_REQ
152+ #define WOLFSSL_ALT_NAMES
149153#define HAVE_TLS_EXTENSIONS
150154#define HAVE_SNI
151155#define HAVE_ALPN
156+ #define KEEP_PEER_CERT
157+ #define SESSION_CERTS
158+ #define WOLFSSL_ALT_CERT_CHAINS
159+ #define WOLFSSL_ALWAYS_VERIFY_CB
152160```
153161
154162After editing and saving the ` user_settings.h ` file, select one of the following
@@ -171,10 +179,13 @@ When bulding wolfSSL JNI/JSSE, the Visual Studio project file for that library
171179will look in the above locations to link against the wolfSSL DLL matching
172180the same build configuration.
173181
174- ## wolfSSL FIPS 140-2 (Certificate #3389 )
182+ ## wolfSSL FIPS 140-2 (Certificate #3389 , Now Historical)
183+
184+ Please consider looking at and migrating to wolfSSL's new FIPS 140-3
185+ validated version of wolfCrypt. Email fips@wolfssl.com for more information.
175186
176187To build a wolfSSL FIPS 140-2 variant of wolfSSL for use with FIPS 140-2
177- certificate #3389 or later , use the Visual Studio solution file located under
188+ certificate #3389 , use the Visual Studio solution file located under
178189the ` IDE\WIN10 ` directory inside the wolfSSL FIPS release package:
179190
180191```
@@ -216,6 +227,7 @@ and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
216227```
217228#define WOLFSSL_JNI
218229#define HAVE_EX_DATA
230+ #define OPENSSL_EXTRA
219231#define OPENSSL_ALL
220232#define HAVE_CRL
221233#define HAVE_OCSP
@@ -225,9 +237,16 @@ and set the values for `HAVE_FIPS`, `HAVE_FIPS_VERSION`, and
225237#define HAVE_DH
226238#define WOLFSSL_CERT_EXT
227239#define WOLFSSL_CERT_GEN
240+ #define WOLFSSL_KEY_GEN
241+ #define WOLFSSL_CERT_REQ
242+ #define WOLFSSL_ALT_NAMES
228243#define HAVE_TLS_EXTENSIONS
229244#define HAVE_SNI
230245#define HAVE_ALPN
246+ #define KEEP_PEER_CERT
247+ #define SESSION_CERTS
248+ #define WOLFSSL_ALT_CERT_CHAINS
249+ #define WOLFSSL_ALWAYS_VERIFY_CB
231250```
232251
2332526 . Build the ` wolfssl-fips ` project, which will create a DLL in one of the
@@ -254,28 +273,33 @@ in the wolfCrypt tests successfully running.
254273See the FIPS User Guide for more details on the FIPS verifyCore hash, or
255274email support@wolfssl.com .
256275
257- ## wolfSSL FIPS 140-3 (Upcoming )
276+ ## wolfSSL FIPS 140-3 (Certificate # 4718
258277
259- To build a version of wolfSSL that has been submitted for FIPS 140-3, use
260- the Visual Studio solution file under the ` IDE\ WIN10 ` directory inside the
261- wolfSSL package:
278+ To build a wolfSSL FIPS 140-3 variant for use with FIPS 140-3 certificate
279+ # 4718 , use the Visual Studio solution file located in the ` IDE/ WIN10 `
280+ directory inside the wolfSSL package:
262281
263282```
264283<wolfssl>\IDE\WIN10\wolfssl-fips.sln
265284```
266285
267286Follow instructions in the above section for 140-2 / 3389, except use the
268- following values for ` HAVE_FIPS ` , ` HAVE_FIPS_VERSION ` , and
269- ` HAVE_FIPS_VERSION_MINOR ` in ` user_settings.h ` :
287+ following values for ` HAVE_FIPS ` , ` HAVE_FIPS_VERSION ` ,
288+ ` HAVE_FIPS_VERSION_MAJOR ` , ` HAVE_FIPS_VERSION_MINOR ` , and
289+ ` HAVE_FIPS_VERSION_PATCH ` in ` user_settings.h ` :
270290
271291```
272292#if 1
273293#undef HAVE_FIPS
274294#define HAVE_FIPS
275295#undef HAVE_FIPS_VERSION
276296#define HAVE_FIPS_VERSION 5
297+ #undef HAVE_FIPS_VERSION_MAJOR
298+ #define HAVE_FIPS_VERSION_MAJOR 5
277299#undef HAVE_FIPS_VERSION_MINOR
278- #define HAVE_FIPS_VERSION_MINOR 1
300+ #define HAVE_FIPS_VERSION_MINOR 2
301+ #undef HAVE_FIPS_VERSION_PATCH
302+ #define HAVE_FIPS_VERSION_PATCH 0
279303#endif
280304```
281305
@@ -285,6 +309,7 @@ The following additional defines will also need to be added to
285309```
286310#define WOLFSSL_JNI
287311#define HAVE_EX_DATA
312+ #define OPENSSL_EXTRA
288313#define OPENSSL_ALL
289314#define HAVE_CRL
290315#define HAVE_OCSP
@@ -294,9 +319,16 @@ The following additional defines will also need to be added to
294319#define HAVE_DH
295320#define WOLFSSL_CERT_EXT
296321#define WOLFSSL_CERT_GEN
322+ #define WOLFSSL_KEY_GEN
323+ #define WOLFSSL_CERT_REQ
324+ #define WOLFSSL_ALT_NAMES
297325#define HAVE_TLS_EXTENSIONS
298326#define HAVE_SNI
299327#define HAVE_ALPN
328+ #define KEEP_PEER_CERT
329+ #define SESSION_CERTS
330+ #define WOLFSSL_ALT_CERT_CHAINS
331+ #define WOLFSSL_ALWAYS_VERIFY_CB
300332```
301333
302334For additional help, contact support@wolfssl.com .
0 commit comments