On Thu, Sep 25, 2008, joshi chandran wrote: > I am trying to test the Fips capable openssl and when i am testing it i am > getting some error > > openssl req -x509 -newkey rsa:2048 -out $HOME/exampleca/cacert.pem -outform > PEM > > Generating a 2048 bit RSA private key > ....................................................................................+++ > ......+++ > writing new private key to '//exampleca/private/cakey.pem' > Enter PEM pass phrase: > Verifying - Enter PEM pass phrase: > ----- > digest.c(150): OpenSSL internal error, assertion failed: Digest update > previous FIPS forbidden algorithm error ignored > IOT/Abort trap(coredump) >
What version of OpenSSL are you using to produce that error? Do you have the environment variable OPENSSL_FIPS=1 when you call that command? Does your config file openssl.cnf use MD5 as a signing algorithm? If so you need to change it to SHA1. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]