[stunnel-users] Windows FIPS compile
george.henson at oss-institute.org
Sat Mar 8 17:00:40 CET 2008
Joe Kemp wrote:
> I am trying to get stunnel to compile against a fips openssl. I read
> in install.fips that it is not yet supported. Is anyone currently
> working on this? If so I would love to join forces or any info on the
> specific issues would help get me started.
I am going though my notes now from when I assisted Michal with getting
FIPS support for the Unix platforms. He might have a better recall of
the exact problems.
The currently validated release of the OpenSSL FIPS Object Modules
requires Microsoft Visual C++ to compile. This is due to a limitation
imposed on the user guide. This was incompatible with the build method
Michal used for the binary release. The next release of the Object
Module promised to be more friendly to the Windows platform. I am not
holding my breath on new Object Module's validation. More information
about it can be found on the OpenSSL users list.
While Michal and I were working on the problems with Windows we had two
basic approaches to building the code. The first is to build and link
the stunnel code using MS VC++. Michal felt this was not optional as he
would require more effort to support. The method we explored to a great
depth was to build libeay32.dll with FIPS support and then link against
it as normal. Unfortunately this is where my memory gets foggy. We had
some problems as the dll I would build required the Microsoft
Redistribution package for the supporting dlls. I might have been
possible to build the libeay32.dll with MinGW to sidestep this issue
with dlls. In the end, other issues outweighed the Windows FIPS support
in stunnel and the release was made.
More information about the stunnel-users