[stunnel-users] Modifying STunnel to use OpenSSL FIPS

David Gillingham dgillingham+stunnel at gmail.com
Tue Jun 13 21:25:23 CEST 2006


Thanks for the quick response, Michal.  There's another item in my
original message that I'd like you to address.  I want the
consequences of the FIPS_mode_set() call failing to be a little more
severe than just an error message being logged.  I'd like it to
trigger the "Stunnel is down due to an error...Click OK to the see the
error log window." message box and not accept connections.  I noticed
that some of the other routines in ssl.c use sslerror(), but calling
that caused a program crash.

So given my original code, I'd like it to eventually look something like this:
#if defined(OPENSSL_FIPS) && defined(USE_FIPS)
  if (!FIPS_mode_set(1))
  {
     /* OpenSSL could not be set to use FIPS mode */
     /* Since we only want to use FIPS mode, throw error message
        and do not let stunnel accept network connections */
     throw_error("Could not change to FIPS mode!");

  }
  else
  {
     s_log(LOG_INFO, "In FIPS mode.");
  }
#endif
  /* rest of ssl_init() from original source */
}

Which function should I call to achieve this?
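
Added example, not part of the original message and not stunnel code: a minimal sketch of the fail-closed behaviour asked for above, where a failed FIPS mode switch is latched in service state and every accept path checks that state. The names service_init_crypto, service_may_accept and fips_mode_fn are hypothetical; the injected callback is assumed to follow the FIPS_mode_set() contract (1 on success, 0 on failure) so the sketch builds without a FIPS-capable OpenSSL.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for FIPS_mode_set(): returns 1 on success, 0 on failure.
   Injected as a pointer so this builds without a FIPS-capable OpenSSL. */
typedef int (*fips_mode_fn)(int onoff);

enum svc_state { SVC_STARTING, SVC_READY, SVC_FAILED };

struct service {
    enum svc_state state;
    char last_error[128];   /* text an error window or log would show */
};

/* Hypothetical init step: latch the outcome instead of only logging it. */
static int service_init_crypto(struct service *svc, fips_mode_fn set_mode)
{
    svc->last_error[0] = '\0';
    if (!set_mode(1)) {
        svc->state = SVC_FAILED;    /* fail closed: never reaches SVC_READY */
        snprintf(svc->last_error, sizeof svc->last_error,
                 "Could not change to FIPS mode!");
        return 0;
    }
    svc->state = SVC_READY;
    return 1;
}

/* Every accept path asks this first. Only a fully initialised service may
   take connections, so a failed or skipped init cannot fall back to
   non-FIPS crypto. */
static int service_may_accept(const struct service *svc)
{
    return svc->state == SVC_READY;
}

/* Constructed stand-ins for the two outcomes of the mode switch. */
static int fips_ok(int onoff)   { (void)onoff; return 1; }
static int fips_fail(int onoff) { (void)onoff; return 0; }

int main(void)
{
    struct service a = { SVC_STARTING, "" }, b = { SVC_STARTING, "" };
    service_init_crypto(&a, fips_ok);
    service_init_crypto(&b, fips_fail);
    printf("ok:   accept=%d\n", service_may_accept(&a));
    printf("fail: accept=%d error=\"%s\"\n", service_may_accept(&b), b.last_error);
    return 0;
}
```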


