According to the stunnel configuration guide
http://www.stunnel.org/faq/stunnel.html
you can disable fips check in stunnel config
fips = no
If this works, then the stunnel that is built using the suse build
service I can add a patch to turn fips off by default. I did try to
build stunnel 4.26 on the suse build service and I ran into a build
issue
FIPSLD_CC=gcc /usr/bin/fipsld -O2 -g -m64 -mtune=generic -Wall
-Wshadow -Wcast-align -Wpointer-arith -I/usr/include -o stunnel file.o
client.o log.o options.o protocol.o network.o resolver.o ssl.o ctx.o
verify.o sthreads.o stunnel.o pty.o libwrap.o -lz -ldl -lutil -lnsl
-lpthread -L/usr/lib -lssl -lcrypto -lwrap
../libtool: line 4792: /usr/bin/fipsld: No such file or directory
but i suspect it is because CentOS 5.4 which uses openssl-0.9.8e-12.
Rather than backing down openssl version as well, I think the better
answer would be to try to get stunnel 4.28 to work which does seem to
compile on CentOS 5.4. I currently don't have a HA setup to test on,
so any help would be appreciated.
Why sipx fails to validates it's certs is another story that requires
investigation and I can open a jira issue should folks agree.
_______________________________________________
sipx-users mailing list [email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users
Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-users
sipXecs IP PBX -- http://www.sipfoundry.org/
