[stunnel-users] Compiling with ./configure --enable-fips option

Lewis, Joseph E Sr Mr CTR USA USA joe.lewissr at us.army.mil
Tue Feb 1 20:59:14 CET 2011


Thanks Michal for your response. 
We got it figured out. First we had to set the environment variables:
$>   export CFLAGS="-DSYSV -D_AIX -D_AIX53 -D_ALL_SOURCE -O2 –DOPENSSL_FIPS"
$>   export CC="gcc"

Then we ran the configure command with the following options:
$>   ./configure --prefix=<install_dir> --enable-fips 

Then environment variable allows stunnel to compile correctly; we then followed that up with the make and the make install command and everything completed just fine. 
Thanks again.


----- Original Message -----
From: Michal Trojnara <Michal.Trojnara at mirt.net>
Date: Sunday, January 30, 2011 13:09
Subject: Re: [stunnel-users] Compiling with ./configure --enable-fips option
To: stunnel-users at stunnel.org


> Lewis, Joseph E Sr Mr CTR USA USA wrote:
> > When I use the –enable-fips option, the configure runs just fine 
> but  
> > the make fails with :
> > In file included from common.h:374,
> >                 from file.c:38:
> > /usr/include/openssl/fips.h:69:2: error: #error FIPS is disabled.
> > make: 1254-004 The error code from the last command is 1.
> [cut]
> > IBM support assures me that FIPS is enabled.
> [cut]
> > stunnel 4.32 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8k-fips 
> 25  
> > Mar 2009
> 
> Yes, it looks like FIPS is indeed enabled in your OpenSSL library. 
> On  
> the other hand it looks like FIPS support is *not* enabled in your 
> 
> OpenSSL headers.
> 
> The corresponding code in fips.h is:
> #include <
> #ifndef OPENSSL_FIPS
> #error FIPS is disabled.
> #endif
> 
> See the output of stunnel ./configure script and look for SSL  
> configuration.  You'll find the directory that stunnel gets its  
> OpenSSL headers and libraries from.  Maybe you have more than one  
> instance of OpenSSL installed, and stunnel finds not the one with FIPS  
> enabled?
> 
> The best solution would be to use header files configured with FIPS  
> support.
> Alternatively you could manually add:
> #define OPENSSL_FIPS
> to your opensslconf.h.
> 
> Mike
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users



More information about the stunnel-users mailing list