I have AIX 6.1 (64-bit) with GCC 4.2.0. It has an older version of OpenSSL (0.9.8) installed from IBM but I'm trying to compile Stunnel 5.17 with OpenSSL 1.0.2a-fips as non-root. I proceed as follows:
cd ~; [ -d openssl ] && rm -rf openssl; mkdir openssl
cd ~/OpenSSL; [ -d openssl-fips-2.0.9 ] && rm -rf openssl-fips-2.0.9
gzip -dc openssl-fips-2.0.9.tar.gz | tar xvf -
cd openssl-fips-2.0.9; chmod 755 Configure
./Configure aix64-gcc --openssldir=$HOME/openssl
make
make install
NOTE: the above is just the FIPS canister (library), not the executable.
cd ~/OpenSSL; [ -d openssl-1.0.2a ] && rm -rf openssl-1.0.2a
gzip -dc openssl-1.0.2a.tar.gz | tar xvf -
cd openssl-1.0.2a; chmod 755 Configure
./Configure aix64-gcc fips shared --openssldir=$HOME/openssl --with-fipsdir=$HOME/openssl
make depend
make
make test
make install
cd ~/openssl/bin; ./openssl version; ./openssl speed
NOTE: Look for "ALL OCSP TESTS SUCCESSFUL" after "make test" to verify the test build was successful, and it was.
NOTE: "./openssl version" should show "OpenSSL 1.0.2a-fips 19 Mar 2015"
NOTE: "./openssl speed" should take a while as it's measuring the speed for all algorithms
Final test of OpenSSL 1.0.2a-fips:
./openssl sha1 -hmac etaonrishdlcupfm ~/OpenSSL/openssl-fips-2.0.9.tar.gz
- should return: 54552e9a3ed8d1561341e8945fcdec55af961322
Now, I try to compile Stunnel:
rm -rf $HOME/stunnel-bin; mkdir $HOME/stunnel-bin
cd ~/Stunnel; [ -f stunnel-5.17 ] && rm -rf stunnel-5.17
gzip -dc stunnel-5.17.tar.gz | tar xvf - ; cd stunnel-5.17
./configure --enable-fips --prefix=$HOME/stunnel-bin --with-ssl=$HOME/openssl
make
I get a failure at make for a library not found:
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -lpthreads
libtool: link: gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -lpthreads
collect2: library libssp_nonshared not found
The interesting part is that doing a "grep -R libssp" of the source tree only shows one reference to libssp:
$ grep -R libssp *
stunnel-5.17/tools/stunnel.nsi: # MINGW builds requires libssp-0.dll instead of msvcr90.dll
Googling showed some really old links that had libssp skipped for GCC on AIX:
and another that added it back in:
Can anyone who has compiled this for AIX give me a clue about what's going on? This looks like a reference to a non-existent library but I would think that if GCC needed that, it wouldn't allow the RPM for GCC to be installed.
Thanks,
-Rob