[stunnel-users] Please allow fips=no even if !USE_FIPS

Andy Lutomirski luto at amacapital.net
Mon Mar 10 20:14:26 CET 2014


It's currently impossible to make a stunnel config file that works
with reasonable settings on both a USE_FIPS build (e.g. Fedora) and a
!USE_FIPS build (e.g. Ubuntu).  This is because, if USE_FIPS, fips
defaults to "yes" (which is, for most purposes, a serious problem)
and, if !USE_FIPS, the setting 'fips=no' prevents stunnel from
starting.

I've observed this on stunnel 4.53, and it looks like the same issue
exists in the source in stunnel 4.56 and 5.00.

(Note that, if targeting stunnel 5.00, this is less of an issue,
since the default value of 'fips' changed.  Nonetheless, it would be
nice to accept 'fips=no' to avoid surprises.)

Thanks,
Andy
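
A workaround for the situation described in the message, as an added example that is not part of the original post or of stunnel: a shell helper that writes `fips = no` only when the build reports FIPS support. It assumes `stunnel -version` prints a feature line containing the token `FIPS` on USE_FIPS builds; the sample lines and the `[example]` service are constructed.

```shell
#!/bin/sh
# Added example: emit "fips = no" only when the stunnel build knows the option.
# Assumption: `stunnel -version` prints a feature line that contains the
# upper-case token FIPS on USE_FIPS builds (verify against your build's output).

# has_fips: read version text on stdin; succeed if a FIPS feature token appears.
# The match is case-sensitive so that an OpenSSL version string containing
# lower-case "fips" is not mistaken for stunnel's own FIPS support.
has_fips() {
    grep -Eq '(^|[^A-Za-z0-9])FIPS([^A-Za-z0-9]|$)'
}

# render_config VERSION_TEXT: print a config whose global section is valid
# on both kinds of build.
render_config() {
    if printf '%s\n' "$1" | has_fips; then
        # USE_FIPS build: the option exists and (before 5.00) defaults to yes.
        printf 'fips = no\n'
    fi
    # !USE_FIPS build: the option is omitted, since 'fips=no' stops startup.
    # Hypothetical service section, for illustration only.
    printf '[example]\nclient = yes\n'
    printf 'accept = 127.0.0.1:8080\nconnect = example.invalid:443\n'
}

# Constructed sample feature lines (not captured from real builds).
SAMPLE_FIPS_BUILD='Threading:PTHREAD SSL:ENGINE,FIPS Auth:LIBWRAP Sockets:POLL,IPv6'
SAMPLE_PLAIN_BUILD='Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6'

# Real use (commented out so the example runs offline):
#   render_config "$(stunnel -version 2>&1)" > stunnel.conf
```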


