[stunnel-users] Stunnel 4.26 compile issue against openssl 0.9.8j + openssl-fips-1.2

David W Blaine dblaine2 at csc.com
Tue Mar 10 11:58:38 CET 2009


Hi list,
 
Sorry about the previous posting.  Resubmitting without HTML.


The only reference to this call is in fips_rand.c and as I said it is in 
all lower case. The third parameter appears to be the key size which can 
be 16, 24 or 32.
 

Has anyone successfully compiled stunnel against openssl fips 1.2???

-----------------------------------------------------------------
DAVID BLAINE, GCIA , CISSP
GDLS-C Lead Information Risk Manager (LIRM)
CSC

6000 E. 17 Mile Rd. Sterling Heights MI 48313
GIS | o: 586.825.7650 | c: 810.217.8041 | f: 586.825.8606 | 
dblaine2 at csc.com | www.csc.com

This is a PRIVATE message. If you are not the intended recipient, please 
delete without copying and kindly advise us by e-mail of the mistake in 
delivery. 
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to 
any order or other contract unless pursuant to explicit written agreement 
or government initiative expressly permitting the use of e-mail for such 
purpose.



"C.J. Adams-Collier" <cjac at colliertech.org> 
03/09/2009 06:28 PM

To
David W Blaine/GIS/CSC at CSC
cc
stunnel-users at mirt.net
Subject
Re: [stunnel-users] Stunnel 4.26 compile issue against openssl 0.9.8j   + 
openssl-fips-1.2





removed the call entirely?  that may not have been what you wanted to do.  
sounds like you may have been using the .h files from the wrong version?

On Mon, Mar 9, 2009 at 12:54 PM, David W Blaine <dblaine2 at csc.com> wrote:

Hi all, 


When I compile against OpenSSL 0.9.8j + OpenSSL-FIPS-1.2 module on Centos 
4.7, I get an error in client.c: 

client.o(.text+0x1dd): In function `init_ssl': 
/tmp/stunnel-4.27/src/client.c:333: undefined reference to 
`FIPS_set_prng_key' 
collect2: ld returned 1 exit status
make[1]: *** [stunnel] Error 1 
make[1]: Leaving directory `/tmp/stunnel-4.27/src' 
make: *** [all-recursive] Error 1 


It seems this call is related to a bug in OpenSSL-FIPS-1.1.1 module 
according to the comments. 

Checking the references in the includes for both OpenSSL 0.9.8j and 
OpenSSL-FIPS-1.2, I found that the call should be "fips_set_prng_key" with 
3 arguments (the above requires only 2). 

So based on the comments, I removed it and I was able to successfully 
compile and install. Not sure if that is the right thing to do??? 


Dave
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20090310/83a908de/attachment.html>


More information about the stunnel-users mailing list