Thanks for the quick response, Michal. There's another item in my original message that I'd like you to address. I want the consequences of the FIPS_mode_set() call failing to be a little more severe than just an error message being logged. I'd like it to trigger the "Stunnel is down due to an error...Click OK to see the error log window." message box and not accept connections. I noticed that some of the other routines in ssl.c use sslerror(), but calling that caused a program crash.
So given my original code, I'd like it to eventually look something like this:

    #if defined(OPENSSL_FIPS) && defined(USE_FIPS)
    if (!FIPS_mode_set(1)) {
        /* OpenSSL could not be set to use FIPS mode */
        /* Since we only want to use FIPS mode, throw error message
           and do not let stunnel accept network connections */
        throw_error("Could not change to FIPS mode!");
    } else {
        s_log(LOG_INFO, "In FIPS mode.");
    }
    #endif
    /* rest of ssl_init() from original source */
    }
Which function should I call to achieve this?
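One fail-closed way to structure this check, added here as an example; it is not stunnel's own code and not part of the thread. It assumes a hypothetical `listener_enabled` flag that the accept loop consults, and it takes the mode setter as a function pointer so the failure path can be exercised with a stub when no FIPS-capable OpenSSL is linked in (FIPS_mode_set is only used in a build with OPENSSL_FIPS and USE_FIPS defined).

```c
#include <stdio.h>
#include <string.h>

#if defined(OPENSSL_FIPS) && defined(USE_FIPS)
#include <openssl/crypto.h>   /* FIPS_mode_set() in a FIPS-capable OpenSSL 1.0.x build */
#include <openssl/err.h>
#endif

/* Hypothetical listener state: connections are accepted only when this is set. */
static int listener_enabled = 0;

/* Try to enter FIPS mode through the supplied setter (FIPS_mode_set in a real
 * build, a stub in tests). Returns 0 on success; on failure returns -1, keeps
 * the listener disabled and writes a message into errbuf for the log/dialog. */
static int fips_init(int (*mode_set)(int), char *errbuf, size_t errlen) {
    if (mode_set(1)) {
        listener_enabled = 1;          /* fail closed: enable only after success */
        return 0;
    }
    listener_enabled = 0;
#if defined(OPENSSL_FIPS) && defined(USE_FIPS)
    ERR_error_string_n(ERR_get_error(), errbuf, errlen);
#else
    snprintf(errbuf, errlen, "Could not change to FIPS mode!");
#endif
    return -1;
}

/* Returns 1 if the daemon may accept connections, 0 otherwise. */
static int may_accept_connections(void) {
    return listener_enabled;
}

/* Stand-ins for the setter when no FIPS-capable OpenSSL is available. */
static int stub_fips_set_ok(int onoff)   { (void)onoff; return 1; }
static int stub_fips_set_fail(int onoff) { (void)onoff; return 0; }

int main(void) {
    char err[256];
#if defined(OPENSSL_FIPS) && defined(USE_FIPS)
    int rc = fips_init(FIPS_mode_set, err, sizeof err);
#else
    int rc = fips_init(stub_fips_set_fail, err, sizeof err);   /* constructed failure */
#endif
    if (rc != 0) {
        fprintf(stderr, "Stunnel is down due to an error: %s\n", err);
        return 1;   /* exit before any listening socket is created */
    }
    printf("In FIPS mode; accepting connections\n");
    return 0;
}
```

Returning the failure to the caller of ssl_init() and exiting before the listening socket exists avoids having to pick a stunnel-internal error routine from inside the SSL setup.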