[stunnel-users] Windows FIPS compile

George Henson george.henson at oss-institute.org
Sat Mar 8 17:00:40 CET 2008

Joe Kemp wrote:
> I am trying to get stunnel to compile against a fips openssl.  I read 
> in install.fips that it is not yet supported.  Is anyone currently 
> working on this?  If so I would love to join forces or any info on the 
> specific issues would help get me started.

I am going though my notes now from when I assisted Michal with getting 
FIPS support for the Unix platforms. He might have a better recall of 
the exact problems.

The currently validated release of the OpenSSL FIPS Object Modules 
requires Microsoft Visual C++ to compile. This is due to a limitation 
imposed on the user guide. This was incompatible with the build method 
Michal used for the binary release. The next release of the Object 
Module promised to be more friendly to the Windows platform. I am not 
holding my breath on new Object Module's validation. More information 
about it can be found on the OpenSSL users list.

While Michal and I were working on the problems with Windows we had two 
basic approaches to building the code. The first is to build and link 
the stunnel code using MS VC++. Michal felt this was not optional as he 
would require more effort to support. The method we explored to a great 
depth was to build libeay32.dll with FIPS support and then link against 
it as normal. Unfortunately this is where my memory gets foggy. We had 
some problems as the dll I would build required the Microsoft 
Redistribution package for the supporting dlls. I might have been 
possible to build the libeay32.dll with MinGW to sidestep this issue 
with dlls. In the end, other issues outweighed the Windows FIPS support 
in stunnel and the release was made.


More information about the stunnel-users mailing list