I have AIX 6.1 (64-bit) with GCC 4.2.0. It has an older version of OpenSSL (0.9.8) installed from IBM but I'm trying to compile Stunnel 5.17 with OpenSSL 1.0.2a-fips as non-root. I proceed as follows:
cd ~; [ -d openssl ] && rm -rf openssl; mkdir openssl
cd ~/OpenSSL; [ -d openssl-fips-2.0.9 ] && rm -rf openssl-fips-2.0.9
gzip -dc openssl-fips-2.0.9.tar.gz | tar xvf -
cd openssl-fips-2.0.9; chmod 755 Configure
./Configure aix64-gcc --openssldir=$HOME/openssl
make
make install
NOTE: the above is just the FIPS canister (library), not the executable.
cd ~/OpenSSL; [ -d openssl-1.0.2a ] && rm -rf openssl-1.0.2a
gzip -dc openssl-1.0.2a.tar.gz | tar xvf -
cd openssl-1.0.2a; chmod 755 Configure
./Configure aix64-gcc fips shared --openssldir=$HOME/openssl --with-fipsdir=$HOME/openssl
make depend
make
make test
make install
cd ~/openssl/bin; ./openssl version; ./openssl speed
NOTE: Look for "ALL OCSP TESTS SUCCESSFUL" after "make test" to verify the test build was successful, and it was.
NOTE: "./openssl version" should show "OpenSSL 1.0.2a-fips 19 Mar 2015"
NOTE: "./openssl speed" should take a while as it's measuring the speed for all algorithms
Final test of OpenSSL 1.0.2a-fips:
./openssl sha1 -hmac etaonrishdlcupfm ~/OpenSSL/openssl-fips-2.0.9.tar.gz
- should return: 54552e9a3ed8d1561341e8945fcdec55af961322
Now, I try to compile Stunnel:
rm -rf $HOME/stunnel-bin; mkdir $HOME/stunnel-bin
cd ~/Stunnel; [ -f stunnel-5.17 ] && rm -rf stunnel-5.17
gzip -dc stunnel-5.17.tar.gz | tar xvf - ; cd stunnel-5.17
./configure --enable-fips --prefix=$HOME/stunnel-bin --with-ssl=$HOME/openssl
make
I get a failure at make for a library not found:
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -lpthreads
libtool: link: gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -lpthreads
collect2: library libssp_nonshared not found
The interesting part is that doing a "grep -R libssp" of the source tree only shows one reference to libssp:
$ grep -R libssp *
stunnel-5.17/tools/stunnel.nsi: # MINGW builds requires libssp-0.dll instead of msvcr90.dll
Googling showed some really old links that had libssp skipped for GCC on AIX: http://gcc.gnu.org/ml/gcc-patches/2005-09/msg01231.html and another that added it back in: http://marc.info/?l=gcc-patches&m=130168534803966
Can anyone who has compiled this for AIX give me a clue about what's going on? This looks like a reference to a non-existent library but I would think that if GCC needed that, it wouldn't allow the RPM for GCC to be installed.
Thanks, -Rob
Hi Rob,
On 07.05.2015 23:54, Rob Lockhart wrote:
> /bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -lpthreads
> libtool: link: gcc -g -O2 -D_THREAD_SAFE -Wall -Wextra -Wformat=2 -Wconversion -Wno-long-long -Wno-deprecated-declarations -fstack-protector -fPIE -D_FORTIFY_SOURCE=2 -o stunnel stunnel-tls.o stunnel-str.o stunnel-file.o stunnel-client.o stunnel-log.o stunnel-options.o stunnel-protocol.o stunnel-network.o stunnel-resolver.o stunnel-ssl.o stunnel-ctx.o stunnel-verify.o stunnel-sthreads.o stunnel-fd.o stunnel-stunnel.o stunnel-pty.o stunnel-libwrap.o stunnel-ui_unix.o -L/home/lockharr/openssl/lib64 -L/home/lockharr/openssl/lib -lssl -lcrypto -lpthreads
> collect2: library libssp_nonshared not found
-fstack-protector gcc feature needs libssp library to work. stunnel automatically detected that your gcc claims to support this feature. Unfortunately the support seems to be broken, as you don't have the required library.
The workaround is to remove -fstack-protector from src/Makefile, and rebuild stunnel (make clean && make).
http://aconole.brad-x.com/papers/exploits/ssp/intro
Mike
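
The workaround in the reply above, as an added example that is not part of the original thread or of stunnel's build system: a probe that links (not just compiles) a test program with -fstack-protector, and strips the flag from a Makefile only when that link fails, so the stack canary stays enabled wherever the toolchain supports it. The function names ssp_link_ok, strip_ssp and fix_makefile are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# ssp_link_ok CC -> status 0 if CC compiles AND links a program with
# -fstack-protector; non-zero otherwise (e.g. when the link step fails with
# "library libssp_nonshared not found").
ssp_link_ok() {
    cc=$1
    tmp=${TMPDIR:-/tmp}/sspprobe.$$
    mkdir "$tmp" || return 2        # mkdir fails if the path already exists
    # A local char buffer makes GCC emit the canary check, so the link step
    # has to resolve the stack-protector runtime symbols.
    cat > "$tmp/probe.c" <<'EOF'
#include <string.h>
int main(int argc, char **argv) {
    char buf[64];
    strncpy(buf, argv[0], sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    return buf[0] == '\0' && argc > 99;
}
EOF
    "$cc" -fstack-protector -o "$tmp/probe" "$tmp/probe.c" >/dev/null 2>&1 \
        && rc=0 || rc=$?
    rm -rf "$tmp"
    return $rc
}

# strip_ssp MAKEFILE -> remove -fstack-protector (and suffixed variants such
# as -fstack-protector-all) in place, keeping MAKEFILE.orig for review.
strip_ssp() {
    mk=$1
    cp "$mk" "$mk.orig" || return 1
    sed 's/[[:space:]]*-fstack-protector[-a-z]*//g' "$mk.orig" > "$mk"
}

# fix_makefile CC MAKEFILE -> prints "kept" or "stripped".
fix_makefile() {
    if ssp_link_ok "$1"; then
        echo "kept"
    else
        strip_ssp "$2" && echo "stripped"
    fi
}
```

For the build in this thread the call would be `fix_makefile gcc src/Makefile`, followed by `make clean && make` as the reply says.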