[stunnel-users] Linux FIPS compile library question

04-10-2008
Joe Kemp
 
I am compiling stunnel on CentOS 5 that has a regular OpenSSL 0.9.8b rpm installed. I have put my FIPS openssl in /usr/local/sslfips112.

Configure with: ./configure --with-ssl=/usr/local/sslfips112 --enable-fips --disable-libwrap

Make's linker line:
/bin/sh ../libtool --tag=CC --mode=link FIPSLD_CC=gcc /usr/local/sslfips112/bin/fipsld -g -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith -I/usr/local/sslfips112/include -lldap -o stunnel file.o client.o log.o options.o protocol.o network.o resolver.o ssl.o ctx.o verify.o sthreads.o stunnel.o auth.o pty.o libwrap.o -lz -ldl -lutil -lnsl -lpthread -L/usr/local/sslfips112/lib -lssl -lcrypto
FIPSLD_CC=gcc /usr/local/sslfips112/bin/fipsld -g -O2 -Wall -Wshadow -Wcast-align -Wpointer-arith -I/usr/local/sslfips112/include -o stunnel file.o client.o log.o options.o protocol.o network.o resolver.o ssl.o ctx.o verify.o sthreads.o stunnel.o auth.o pty.o libwrap.o -lldap -lz -ldl -lutil -lnsl -lpthread -L/usr/local/sslfips112/lib -lssl -lcrypto

This builds a stunnel that seems to run fine. During startup it says "stunnel is in FIPS mode." But if I run "ldd stunnel" it shows it needs /lib/libssl.so.6. While stunnel is running lsof shows it has that library open also. Why does my FIPS stunnel build still use the 0.9.8b shared library? Shouldn't all of the ssl dependencies have been handled by the static FIPS openssl library during linking? The same issue exists for libcrypt.
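
A check for the situation described in the post, added here as an example (it is not from the post or from the stunnel project): `ldd` lists transitive dependencies as well as the binary's own, so this script combines `ldd` and `readelf -d` output to report whether libssl/libcrypto resolve outside the FIPS prefix and whether each one is a direct DT_NEEDED entry of the binary or is pulled in by another shared library. The function names and the sample `ldd`/`readelf` output are constructed for illustration; only the prefix /usr/local/sslfips112 and the path /lib/libssl.so.6 come from the post.

```shell
# direct_needed: read `readelf -d` output on stdin, print DT_NEEDED sonames.
direct_needed() {
    sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p'
}

# audit_tls_libs LDD_FILE READELF_FILE PREFIX   (hypothetical helper)
# Prints one line per libssl/libcrypto entry found in the ldd output:
#   <soname> <resolved path> <direct|transitive> <ok|outside-prefix>
# Returns 1 if any of them resolves outside PREFIX, otherwise 0.
audit_tls_libs() {
    ldd_out=$1; dyn_out=$2; prefix=$3; rc=0
    needed=$(direct_needed < "$dyn_out")
    while read -r soname arrow path rest; do
        case $soname in libssl.so*|libcrypto.so*) ;; *) continue ;; esac
        [ "$arrow" = "=>" ] || continue
        how=transitive
        printf '%s\n' "$needed" | grep -qxF -- "$soname" && how=direct
        case $path in "$prefix"/*) where=ok ;; *) where=outside-prefix; rc=1 ;; esac
        echo "$soname $path $how $where"
    done < "$ldd_out"
    return $rc
}

# demo: run the audit on constructed sample output (not the poster's real output).
demo() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/ldd.txt" <<'EOF'
    libldap-2.3.so.0 => /usr/lib/libldap-2.3.so.0 (0x00a1c000)
    libz.so.1 => /usr/lib/libz.so.1 (0x00b2d000)
    libssl.so.6 => /lib/libssl.so.6 (0x00c3e000)
    libcrypto.so.6 => /lib/libcrypto.so.6 (0x00d4f000)
    libc.so.6 => /lib/libc.so.6 (0x00e50000)
EOF
    cat > "$tmp/dyn.txt" <<'EOF'
 0x00000001 (NEEDED)   Shared library: [libldap-2.3.so.0]
 0x00000001 (NEEDED)   Shared library: [libz.so.1]
 0x00000001 (NEEDED)   Shared library: [libc.so.6]
EOF
    audit_tls_libs "$tmp/ldd.txt" "$tmp/dyn.txt" /usr/local/sslfips112
    rc=$?; rm -rf "$tmp"; return $rc
}

# Real use: ldd ./stunnel > ldd.txt; readelf -d ./stunnel > dyn.txt
#           audit_tls_libs ldd.txt dyn.txt /usr/local/sslfips112
demo || echo "TLS libraries resolved outside the FIPS prefix"
```

A `transitive` result means the shared library is loaded because some other shared object needs it, not because the binary itself lists it.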
