On Mon, 2012-03-19 at 15:30 +0100, Philippe wrote:
On Mon, 19 Mar 2012 15:24:00 +0100, Michal Trojnara wrote:
Are you sure your OpenSSL on this machine is compiled with FIPS support?
No, I'm not sure. It is the Ubuntu Oneiric 11.10 version I get with apt-get.
If you're using the packaged version, then you don't have FIPS support. It's disabled because it requires static linking.
root@server:/etc# openssl version
OpenSSL 1.0.0e 6 Sep 2011
root@server:/etc# stunnel -version
Reading configuration from descriptor 3
Line 1: "verify = ersion": Bad verify level
You're calling the stunnel 3 wrapper script. Call stunnel4.
Back when 4.x was new, in Debian we renamed the binary to stunnel4, because we wanted to give a clear migration path for scripts. It may be that the time to rename that wrapper to stunnel3 and reclaim the unversioned name for the binary has come ;-)