Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

Dr. Stephen Henson Thu, 25 Sep 2008 10:28:57 -0700

On Thu, Sep 25, 2008, joshi chandran wrote:

> I am trying to test the Fips capable openssl and when i am testing it i am
> getting some error
> 
> openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform
> PEM
> 
> Generating a 2048 bit RSA private key
> ....................................................................................+++
> ......+++
> writing new private key to '//exampleca/private/cakey.pem'
> Enter PEM pass phrase:
> Verifying - Enter PEM pass phrase:
> -----
> digest.c(150): OpenSSL internal error, assertion failed: Digest update
> previous FIPS forbidden algorithm error ignored
> IOT/Abort trap(coredump)
>


What version of OpenSSL are you using to produce that error?

Do you have the environment variable OPENSSL_FIPS=1 when you call that
command?

Does your config file openssl.cnf use MD5 as a signing algorithm? If so you
need to change it to SHA1.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Re: FIPS-capable curl: Solaris 9 - fingerprint does not match

Reply via email to