| Summary: | net-misc/stunnel automagically enables FIPS mode (should probably use $(use_enable fips) | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jeroen Roovers (RETIRED) <jer> |
| Component: | Current packages | Assignee: | Anthony Basile <blueness> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | | |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openssl.org/docs/fips/fipsnotes.html | | |
| Whiteboard: | | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | | | |
| Bug Blocks: | 460278 | | |
Description
Jeroen Roovers (RETIRED)
(In reply to Jeroen Roovers from comment #0)
> # /etc/init.d/stunnel start
> * /run/stunnel: correcting mode
> * /run/stunnel: correcting owner
> * Starting stunnel ...
> Clients allowed=500
> stunnel 4.56 on hppa2.0-unknown-linux-gnu platform
> Compiled/running with OpenSSL 1.0.1c 10 May 2012
> Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
> Reading configuration from file /etc/stunnel/stunnel.conf
> FIPS_mode_set: F06D065: error:0F06D065:common libcrypto
> routines:FIPS_mode_set:fips mode not supported
> Line 58: "[https]": Failed to initialize SSL
> str_stats: 5 block(s), 91 data byte(s), 210 control byte(s)
> * start-stop-daemon: failed to start `/usr/bin/stunnel'
> * Failed to start stunnel [ !! ]
> * ERROR: stunnel failed to start
>
> According to [URL] I probably don't need FIPS mode.

You do not need FIPS and we force disable it in all openssl builds. So we force disable it in stunnel.

I think this needs a revision bump. Note that the installed files would change and that without the fix, stunnel very probably fails at runtime.

(In reply to Jeroen Roovers from comment #2)
> I think this needs a revision bump. Note that the installed files would
> change and that without the fix, stunnel very probably fails at runtime.

It does indeed fail at runtime. I rev bumped. Thanks.
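The mismatch reported in this thread (a stunnel binary whose banner lists `FIPS` while libcrypto refuses `FIPS_mode_set`) can be recognised from the startup output alone. The following is an added example, not code from the bug thread or from the stunnel or Gentoo projects; the function names `classify_stunnel_log` and `sample_log` and the result labels are hypothetical, and the sample input is built from the log lines quoted above.

```shell
#!/bin/sh
# Added example: classify stunnel startup output read from stdin.
# Prints one of: fips-mismatch, fips-built, no-fips, unknown
# (labels are hypothetical, chosen for this example).
classify_stunnel_log() {
    awk '
        # Banner line lists compiled-in features, e.g. "SSL:ENGINE,OCSP,FIPS"
        /SSL:[A-Z0-9_,]+/ {
            seen_banner = 1
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SSL:/) {
                    n = split(substr($i, 5), feat, ",")
                    for (j = 1; j <= n; j++)
                        if (feat[j] == "FIPS") built_fips = 1
                }
            }
        }
        # libcrypto rejecting FIPS mode at runtime (error code from the report)
        /FIPS_mode_set/ && /0F06D065/ { fips_refused = 1 }
        END {
            if (built_fips && fips_refused) print "fips-mismatch"
            else if (built_fips)            print "fips-built"
            else if (seen_banner)           print "no-fips"
            else                            print "unknown"
        }'
}

# Sample input constructed from the startup log quoted in the report.
sample_log() {
    cat <<'EOF'
stunnel 4.56 on hppa2.0-unknown-linux-gnu platform
Compiled/running with OpenSSL 1.0.1c 10 May 2012
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Line 58: "[https]": Failed to initialize SSL
EOF
}

sample_log | classify_stunnel_log
```

A `fips-mismatch` result means the package was configured with FIPS support that the installed OpenSSL does not provide, which is the automagic-dependency condition the bug title describes.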