[stunnel-users] Compiling with ./configure --enable-fips option

• Previous message (by thread): [stunnel-users] Compiling with ./configure --enable-fips option
• Next message (by thread): [stunnel-users] malformed packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Lewis, Joseph E Sr Mr CTR USA USA wrote:
> When I use the –enable-fips option, the configure runs just fine but  
> the make fails with :
> In file included from common.h:374,
>                 from file.c:38:
> /usr/include/openssl/fips.h:69:2: error: #error FIPS is disabled.
> make: 1254-004 The error code from the last command is 1.
[cut]
> IBM support assures me that FIPS is enabled.
[cut]
> stunnel 4.32 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8k-fips 25  
> Mar 2009

Yes, it looks like FIPS is indeed enabled in your OpenSSL library.  On  
the other hand it looks like FIPS support is *not* enabled in your  
OpenSSL headers.

The corresponding code in fips.h is:
#include <openssl/opensslconf.h>
#ifndef OPENSSL_FIPS
#error FIPS is disabled.
#endif

See the output of stunnel ./configure script and look for SSL  
configuration.  You'll find the directory that stunnel gets its  
OpenSSL headers and libraries from.  Maybe you have more than one  
instance of OpenSSL installed, and stunnel finds not the one with FIPS  
enabled?

The best solution would be to use header files configured with FIPS  
support.
Alternatively you could manually add:
#define OPENSSL_FIPS
to your opensslconf.h.

Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110130/1ceff5b1/attachment.sig>

• Previous message (by thread): [stunnel-users] Compiling with ./configure --enable-fips option
• Next message (by thread): [stunnel-users] malformed packets
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]