[stunnel-users] Windows FIPS compile

Joe Kemp jkemp at capwin.org
Mon Mar 10 17:17:54 CET 2008


I was able to compile openssl 1.1.2 (just certified on the 28th I think) with mingw.  Then I compiled openssl-0.9.7m with MS VC++ against those modules, making usable DLLs.  I added -DUSE_FIPS to the vc.mak in stunnel and compiled it with MS VC++.  Everything compiled and seemed to work. So far so good, now time to do some real testing.

-----Original Message-----
From: George Henson [mailto:george.henson at oss-institute.org]
Sent: Saturday, March 08, 2008 11:01 AM
To: Joe Kemp
Cc: stunnel-users at mirt.net
Subject: Re: [stunnel-users] Windows FIPS compile

Joe Kemp wrote:
>
> I am trying to get stunnel to compile against a fips openssl.  I read
> in install.fips that it is not yet supported.  Is anyone currently
> working on this?  If so I would love to join forces or any info on the
> specific issues would help get me started.
>
Joe,

I am going through my notes now from when I assisted Michal with getting
FIPS support for the Unix platforms. He might have a better recall of
the exact problems.

The currently validated release of the OpenSSL FIPS Object Modules
requires Microsoft Visual C++ to compile. This is due to a limitation
imposed on the user guide. This was incompatible with the build method
Michal used for the binary release. The next release of the Object
Module promised to be more friendly to the Windows platform. I am not
holding my breath on the new Object Module's validation. More information
about it can be found on the OpenSSL users list.

While Michal and I were working on the problems with Windows we had two
basic approaches to building the code. The first is to build and link
the stunnel code using MS VC++. Michal felt this was not optional as he
would require more effort to support. The method we explored to a great
depth was to build libeay32.dll with FIPS support and then link against
it as normal. Unfortunately this is where my memory gets foggy. We had
some problems as the dll I would build required the Microsoft
Redistribution package for the supporting dlls. It might have been
possible to build the libeay32.dll with MinGW to sidestep this issue
with dlls. In the end, other issues outweighed the Windows FIPS support
in stunnel and the release was made.

George


