configure FIPS for openssl/stunnel in compile or run time?
From Zhang Weiwu@110:110/2002 to All on Wed Dec 18 02:56:38 2013
Hello. Recently had a failure running binary distribution of stunnel on OpenSUSE 13.1, error was "FIPS mode not set". I can see 5 possibilities:
1. FIPS is set before compiling stunnel.
2. FIPS is set in run time for stunnel.
3. FIPS is set before compiling openssl.
4. FIPS is set in run time for openssl.
5. FIPS is an OS thing, had to get enterprise edition of SUSE to use it,
or getting youself a version of stunnel without it.
There is no clue which one is true, and a try-and-error would take a whole afternoon for my level. Kindly let me know how do you handle the case?
Here are background information:
The error is produced even with a blank configration file (not specifying
any section in [xxx] format):
stunnel 4.56 on x86_64-suse-linux-gnu platform
Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Reading configuration from file /etc/stunnel/stunnel.conf
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Global options: Failed to initialize SSL
str_stats: 5 block(s), 87 data byte(s), 290 control byte(s)