Joe Kemp wrote:
I am trying to get stunnel to compile against a fips openssl. I read in install.fips that it is not yet supported. Is anyone currently working on this? If so I would love to join forces or any info on the specific issues would help get me started.
Joe,
I am going through my notes now from when I assisted Michal with getting FIPS support for the Unix platforms. He might have a better recall of the exact problems.
The currently validated release of the OpenSSL FIPS Object Modules requires Microsoft Visual C++ to compile. This is due to a limitation imposed on the user guide. This was incompatible with the build method Michal used for the binary release. The next release of the Object Module promised to be more friendly to the Windows platform. I am not holding my breath on the new Object Module's validation. More information about it can be found on the OpenSSL users list.
While Michal and I were working on the problems with Windows we had two basic approaches to building the code. The first is to build and link the stunnel code using MS VC++. Michal felt this was not optional as he would require more effort to support. The method we explored to a great depth was to build libeay32.dll with FIPS support and then link against it as normal. Unfortunately this is where my memory gets foggy. We had some problems as the dll I would build required the Microsoft Redistribution package for the supporting dlls. It might have been possible to build the libeay32.dll with MinGW to sidestep this issue with dlls. In the end, other issues outweighed the Windows FIPS support in stunnel and the release was made.
George