Hi, I was having same error on x86. Then I have read this and followed the instructions written on this post, then it has worked successfully. Please have a look at this :
http://www.mail-archive.com/[email protected]/msg68085.html Regards Mehmet 2013/7/8 Ondrej Hrebicek <[email protected]> > Hello stunnel users, > > I'm trying to compile stunnel 4.56 with FIPS support on Ubuntu 12.04. > Always end up with the infamous "fingerprint does not match" error. I can't > figure out what I'm doing wrong. > > 1. Download openssl-fips-2.0.2.tar.gz, unpack, ./config, make, and sudo > make install (as specified in > http://www.openssl.org/docs/fips/UserGuide-2.0.pdf) > > 2. Download openssl-1.0.1e.tar.gz, unpack, ./config fips > --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ > --with-fipsdir=/usr/local/ssl/fips-2.0/, make depend, make, and sudo make > install > > 3. At this point, openssl is working in FIPS mode: > > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl version > OpenSSL 1.0.1e-fips 11 Feb 2013 > > > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl sha1 c_rehash > SHA1(c_rehash)= 5af9e1479950bbbd9d3304c181b3f802c54f64fd > > > OPENSSL_FIPS=1 /usr/local/ssl/bin/openssl md5 c_rehash > Error setting digest md5 > 139806582736544:error:060A80A3:digital envelope > routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: > > 4. Download stunnel-4.56.tar.gz, unpack, ./configure --enable-fips > --with-ssl=/usr/local/ssl, make, and sudo make install > > 5. While configuring and building stunnel completes as expected, the > following does appear in ./configure's output: > > checking whether to enable FIPS mode support... yes > configure: **************************************** SSL > checking for SSL directory... /usr/local/ssl > checking /usr/local/ssl/include/openssl/engine.h usability... yes > checking /usr/local/ssl/include/openssl/engine.h presence... yes > checking for /usr/local/ssl/include/openssl/engine.h... yes > checking /usr/local/ssl/include/openssl/ocsp.h usability... yes > checking /usr/local/ssl/include/openssl/ocsp.h presence... yes > checking for /usr/local/ssl/include/openssl/ocsp.h... yes > checking /usr/local/ssl/include/openssl/fips.h usability... no > checking /usr/local/ssl/include/openssl/fips.h presence... no > checking for /usr/local/ssl/include/openssl/fips.h... no > configure: WARNING: OpenSSL fips header not found > > This is not entirely unexpected as fips.h only exists > in /usr/local/ssl/fips-2.0/include/openssl. > > 6. Running stunnel however fails: > > > /usr/local/bin/stunnel > Clients allowed=500 > stunnel 4.56 on x86_64-unknown-linux-gnu platform > Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013 > Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS > Reading configuration from file /usr/local/etc/stunnel/stunnel.conf > FIPS_mode_set: 2D06B06F: error:2D06B06F:FIPS > routines:FIPS_check_incore_fingerprint:fingerprint does not match > Line 61: "[pop3s]": Failed to initialize SSL > str_stats: 5 block(s), 120 data byte(s), 290 control byte(s) > > I can't figure out what's causing this, hoping someone on the list may > have a couple suggestions. Thanks in advance! > > _______________________________________________ > stunnel-users mailing list > [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > >
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
