Hi,I was having same error on x86. Then I have read this and followed the instructions written on this post, then it has worked successfully. Please have a look at this :RegardsMehmet2013/7/8 Ondrej Hrebicek <ondrej@gmail.com>_______________________________________________Hello stunnel users,I'm trying to compile stunnel 4.56 with FIPS support on Ubuntu 12.04. Always end up with the infamous "fingerprint does not match" error. I can't figure out what I'm doing wrong.1. Download�openssl-fips-2.0.2.tar.gz, unpack, ./config, make, and sudo make install (as specified in�http://www.openssl.org/docs/fips/UserGuide-2.0.pdf)2. Download�openssl-1.0.1e.tar.gz, unpack, ./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ --with-fipsdir=/usr/local/ssl/fips-2.0/, make depend, make, and sudo make install3. At this point, openssl is working in FIPS mode:� � > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl version� ��OpenSSL 1.0.1e-fips 11 Feb 2013
� � > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl sha1 c_rehash� ��SHA1(c_rehash)= 5af9e1479950bbbd9d3304c181b3f802c54f64fd� � >�OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl md5 c_rehash� � Error setting digest md5� � 139806582736544:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:4. Download�stunnel-4.56.tar.gz, unpack,�./configure --enable-fips --with-ssl=/usr/local/ssl, make, and sudo make install5. While configuring and building stunnel completes as expected, the following does appear in ./configure's output:� � checking whether to enable FIPS mode support... yes� ��configure: **************************************** SSL� ��checking for SSL directory... /usr/local/ssl� ��checking /usr/local/ssl/include/openssl/engine.h usability... yes� ��checking /usr/local/ssl/include/openssl/engine.h presence... yes� ��checking for /usr/local/ssl/include/openssl/engine.h... yes� ��checking /usr/local/ssl/include/openssl/ocsp.h usability... yes� ��checking /usr/local/ssl/include/openssl/ocsp.h presence... yes� ��checking for /usr/local/ssl/include/openssl/ocsp.h... yes� ��checking /usr/local/ssl/include/openssl/fips.h usability... no� ��checking /usr/local/ssl/include/openssl/fips.h presence... no� ��checking for /usr/local/ssl/include/openssl/fips.h... no� ��configure: WARNING: OpenSSL fips header not foundThis is not entirely unexpected as fips.h only exists in�/usr/local/ssl/fips-2.0/include/openssl.6. Running stunnel however fails:� � >�/usr/local/bin/stunnel� � Clients allowed=500� ��stunnel 4.56 on x86_64-unknown-linux-gnu platform� ��Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013� ��Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS� ��Reading configuration from file /usr/local/etc/stunnel/stunnel.conf� ��FIPS_mode_set: 2D06B06F: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match� ��Line 61: "[pop3s]": Failed to initialize SSL� ��str_stats: 5 block(s), 120 data byte(s), 290 control byte(s)I can't figure out what's causing this, hoping someone on the list may have a couple suggestions. Thanks in advance!
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users