[stunnel-users] Compiling with ./configure --enable-fips option

Michal Trojnara Michal.Trojnara at mirt.net
Sun Jan 30 19:08:04 CET 2011

Lewis, Joseph E Sr Mr CTR USA USA wrote:
> When I use the –enable-fips option, the configure runs just fine but  
> the make fails with :
> In file included from common.h:374,
>                 from file.c:38:
> /usr/include/openssl/fips.h:69:2: error: #error FIPS is disabled.
> make: 1254-004 The error code from the last command is 1.
> IBM support assures me that FIPS is enabled.
> stunnel 4.32 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8k-fips 25  
> Mar 2009

Yes, it looks like FIPS is indeed enabled in your OpenSSL library.  On  
the other hand it looks like FIPS support is *not* enabled in your  
OpenSSL headers.

The corresponding code in fips.h is:
#include <openssl/opensslconf.h>
#error FIPS is disabled.

See the output of stunnel ./configure script and look for SSL  
configuration.  You'll find the directory that stunnel gets its  
OpenSSL headers and libraries from.  Maybe you have more than one  
instance of OpenSSL installed, and stunnel finds not the one with FIPS  

The best solution would be to use header files configured with FIPS  
Alternatively you could manually add:
to your opensslconf.h.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110130/1ceff5b1/attachment.sig>

More information about the stunnel-users mailing list