[stunnel-users] stunnel with FIPS and SIGHUP
Michal Trojnara
Michal.Trojnara at mirt.net
Sat Jan 15 20:28:30 CET 2011
Eric Lambert wrote:
> With the suggested fix, it would look as follows:
>
> int ssl_configure(void) { /* configure global SSL settings */
> #ifdef USE_FIPS
>     FIPS_mode_set(0);
>     RAND_set_rand_method(NULL);
>     if(!FIPS_mode_set(global_options.option.fips)) {
>         ERR_load_crypto_strings();
>         sslerror("FIPS_mode_set");
>         return 0;
>     }
>     s_log(LOG_NOTICE, "FIPS mode %s",
>         global_options.option.fips ? "enabled" : "disabled");
> #endif /* USE_FIPS */
>     :
>     :
> }
>
> Does the above seem reasonable? Could this change, or some other
> modification which would support using SIGHUP with FIPS, be
> considered for a future stunnel update?

What about:

#ifdef USE_FIPS
    if(FIPS_mode()!=global_options.option.fips) {
        RAND_set_rand_method(NULL); /* reset RAND methods */
        if(!FIPS_mode_set(global_options.option.fips)) {
            ERR_load_crypto_strings();
            sslerror("FIPS_mode_set");
            return 0;
        }
        s_log(LOG_NOTICE, "FIPS mode %s",
            global_options.option.fips ? "enabled" : "disabled");
    }
#endif /* USE_FIPS */

?

Mike