I am now getting through and Cosign seems to be working at this time. I
will follow up with a few other issues and will update post with final
status shortly.
Thank you for all your help.
Shawn Rahl
Unix Administrator
Dental Informatics, School of Dentistry
University of Michigan
sr...@umich.edu
On Fri, Aug 17, 2012 at 11:24 AM, Mark Montague <m...@catseye.org> wrote:
> On August 17, 2012 11:00 , Phil Pishioneri <p...@psu.edu> wrote:
>
>> Starting with version 1 of openssl, it uses a different algorithm to
>> compute the hash. You can get the old and new values from it:
>>
>> pgp$ /opt/local/bin/openssl x509 -subject_hash -subject_hash_old -noout
>> -in umwebCA.pem
>> 5cc1e784
>> 4700e8dd
>>
>
> D'oh! Thanks, Phil, I think you've hit the nail on the head. I had no
> idea that OpenSSL had changed their hash algorithm.
>
> Shawn, what version of the OpenSSL libraries are your installations of
> mod_cosign and mod_ssl linked against? And is this from the same version
> of OpenSSL that the "openssl" executable is from?
>
> [root@minos certs]# ldd /usr/lib64/httpd/modules/mod_**cosign.so | grep
> ssl
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f7910dd4000)
> [root@minos certs]# ldd /usr/lib64/httpd/modules/mod_**ssl.so | grep ssl
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f6e0e383000)
> [root@minos certs]# rpm -q -f /usr/lib64/libssl.so.10
> openssl-1.0.0-20.el6_2.5.x86_**64
> [root@minos certs]# openssl version
> OpenSSL 1.0.0-fips 29 Mar 2010
> [root@minos certs]#
>
> If all three use the same OpenSSL version and you still have a problem,
> then the hash symlink is not the problem and we'll have to look elsewhere.
>
> On the other hand, if you are using one version of OpenSSL for either
> mod_cosign or mod_ssl and a different version of OpenSSL for the "openssl"
> executable, then the problem is definitely the hash symlink and you should
> probably use the same version of OpenSSL from the command line that you're
> using to compile mod_cosign.
>
> --
> Mark Montague
> m...@catseye.org
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
