Hi,

I was having same error on x86. Then I have read this and followed the instructions written on this post, then it has worked successfully. Please have a look at this :

http://www.mail-archive.com/openssl-users@openssl.org/msg68085.html

Regards
Mehmet


2013/7/8 Ondrej Hrebicek <ondrej@gmail.com>
Hello stunnel users,

I'm trying to compile stunnel 4.56 with FIPS support on Ubuntu 12.04. Always end up with the infamous "fingerprint does not match" error. I can't figure out what I'm doing wrong.

1. Download�openssl-fips-2.0.2.tar.gz, unpack, ./config, make, and sudo make install (as specified in�http://www.openssl.org/docs/fips/UserGuide-2.0.pdf)

2. Download�openssl-1.0.1e.tar.gz, unpack, ./config fips --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ --with-fipsdir=/usr/local/ssl/fips-2.0/, make depend, make, and sudo make install

3. At this point, openssl is working in FIPS mode:
� � > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl version
� ��OpenSSL 1.0.1e-fips 11 Feb 2013

� � > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl sha1 c_rehash
� ��SHA1(c_rehash)= 5af9e1479950bbbd9d3304c181b3f802c54f64fd

� � >�OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl md5 c_rehash
� � Error setting digest md5
� � 139806582736544:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180:

4. Download�stunnel-4.56.tar.gz, unpack,�./configure --enable-fips --with-ssl=/usr/local/ssl, make, and sudo make install

5. While configuring and building stunnel completes as expected, the following does appear in ./configure's output:

� � checking whether to enable FIPS mode support... yes
� ��configure: **************************************** SSL
� ��checking for SSL directory... /usr/local/ssl
� ��checking /usr/local/ssl/include/openssl/engine.h usability... yes
� ��checking /usr/local/ssl/include/openssl/engine.h presence... yes
� ��checking for /usr/local/ssl/include/openssl/engine.h... yes
� ��checking /usr/local/ssl/include/openssl/ocsp.h usability... yes
� ��checking /usr/local/ssl/include/openssl/ocsp.h presence... yes
� ��checking for /usr/local/ssl/include/openssl/ocsp.h... yes
� ��checking /usr/local/ssl/include/openssl/fips.h usability... no
� ��checking /usr/local/ssl/include/openssl/fips.h presence... no
� ��checking for /usr/local/ssl/include/openssl/fips.h... no
� ��configure: WARNING: OpenSSL fips header not found

This is not entirely unexpected as fips.h only exists in�/usr/local/ssl/fips-2.0/include/openssl.

6. Running stunnel however fails:

� � >�/usr/local/bin/stunnel
� � Clients allowed=500
� ��stunnel 4.56 on x86_64-unknown-linux-gnu platform
� ��Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
� ��Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
� ��Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
� ��FIPS_mode_set: 2D06B06F: error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match
� ��Line 61: "[pop3s]": Failed to initialize SSL
� ��str_stats: 5 block(s), 120 data byte(s), 290 control byte(s)

I can't figure out what's causing this, hoping someone on the list may have a couple suggestions. Thanks in advance!

_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users