[stunnel-users] Linux FIPS compile library question

Joe Kemp jkemp at capwin.org
Thu Apr 10 18:44:39 CEST 2008


I am compiling stunnel on CentOS 5 that has a regular OpenSSL 0.9.8b rpm installed.  I have put my FIPS OpenSSL in /usr/local/sslfips112.

Configure with: ./configure --with-ssl=/usr/local/sslfips112 --enable-fips --disable-libwrap

Make's linker line:
/bin/sh ../libtool --tag=CC --mode=link FIPSLD_CC=gcc /usr/local/sslfips112/bin/fipsld  -g -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith -I/usr/local/sslfips112/include  -lldap -o stunnel   file.o client.o log.o options.o protocol.o network.o resolver.o ssl.o ctx.o verify.o sthreads.o stunnel.o auth.o pty.o libwrap.o  -lz -ldl -lutil -lnsl  -lpthread -L/usr/local/sslfips112/lib -lssl -lcrypto
FIPSLD_CC=gcc /usr/local/sslfips112/bin/fipsld -g -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith -I/usr/local/sslfips112/include -o stunnel file.o client.o log.o options.o protocol.o network.o resolver.o ssl.o ctx.o verify.o sthreads.o stunnel.o auth.o pty.o libwrap.o  -lldap -lz -ldl -lutil -lnsl -lpthread -L/usr/local/sslfips112/lib -lssl -lcrypto

This builds a stunnel that seems to run fine.  During startup it says "stunnel is in FIPS mode."  But if I run "ldd stunnel" it shows it needs /lib/libssl.so.6.  While stunnel is running, lsof shows it has that library open also.  Why does my FIPS stunnel build still use the 0.9.8b shared library?  Shouldn't all of the SSL dependencies have been handled by the static FIPS OpenSSL library during linking?  The same issue exists for libcrypt.
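
A check for the situation described above, as an added example that is not part of the original post: it lists libssl/libcrypto entries in `ldd` output that resolve outside the FIPS prefix, and uses the `NEEDED` entries from `readelf -d` to tell whether the binary itself or one of its other libraries requests them. The function names and the sample `ldd`/`readelf` text are constructed for illustration; only /usr/local/sslfips112 and /lib/libssl.so.6 come from the post.

```shell
#!/bin/sh
# Real use (paths are assumptions about where the build lives):
#   classify_stray /usr/local/sslfips112 "$(ldd ./stunnel)" "$(readelf -d ./stunnel)"

# stdin: `ldd` output; $1: FIPS install prefix.
# Prints "<soname> <path>" for libssl/libcrypto resolved outside the prefix.
stray_openssl_libs() {
    awk -v prefix="$1" '
        $2 == "=>" && $1 ~ /^lib(ssl|crypto)\.so/ && index($3, prefix "/") != 1 {
            print $1, $3
        }'
}

# stdin: `readelf -d` output. Prints the sonames the binary itself requests.
direct_needed() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# $1: prefix, $2: ldd text, $3: readelf -d text.
# Appends "direct" if the binary lists the soname as NEEDED, otherwise
# "transitive" (some other shared library pulled it in).
classify_stray() {
    needed=$(printf '%s\n' "$3" | direct_needed)
    printf '%s\n' "$2" | stray_openssl_libs "$1" | while read -r soname path; do
        if printf '%s\n' "$needed" | grep -qxF "$soname"; then
            echo "$soname $path direct"
        else
            echo "$soname $path transitive"
        fi
    done
}

# Constructed sample input (not captured from the poster's system).
SAMPLE_LDD=$(cat <<'EOF'
    libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00a1b000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00b2c000)
    libssl.so.6 => /lib/libssl.so.6 (0x00c3d000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x00d4e000)
    libc.so.6 => /lib/libc.so.6 (0x00e5f000)
EOF
)
SAMPLE_READELF=$(cat <<'EOF'
 0x00000001 (NEEDED)                     Shared library: [libldap-2.3.so.0]
 0x00000001 (NEEDED)                     Shared library: [libz.so.1]
 0x00000001 (NEEDED)                     Shared library: [libc.so.6]
EOF
)

classify_stray /usr/local/sslfips112 "$SAMPLE_LDD" "$SAMPLE_READELF"
```

A "transitive" result means the soname is absent from the binary's own `NEEDED` list, so the place to look next is the `NEEDED` lists of the other shared libraries `ldd` reports.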