Hello,
The security policy of states that the module does not allow concurrent
operators. How does API prevent concurrent operator?
Thank you,
-Pandit
Can someone please shed some light on this? This are the
test-certificates I have been using.
I figured it out:
$ man 1 verify
[...]
-CAfile file: A file of trusted certificates. The file should contain
multiple certificates in PEM format concatenated together.
[...]
$ cat rootCA.crt
The API does not prevent concurrent operators. The guidance from the
CMVP is that an application (even if operated by a webserver on behalf
of someone else) is an operator for purposes of determining compliance
with that restriction.
Of course, the CMVP seems to want to reduce the functionality
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Kyle Hamilton
Sent: Wednesday, August 19, 2009 10:42 AM
To: openssl-users@openssl.org
Subject: Re: Prevent concurrent operator in FIPS mode
The API does not prevent concurrent
Hi Goetz, *,
There is the man page x509v3_config.
It should contain the info you need.
A hint: x509v3_config describes data found in the openssl.cnf file.
So this data is used on creating a certificate / CSR...
well I have created a certificate with all neccessary data. At least I think
Hello!
I'm trying to connect to a WPA2 EAP network via NetworkManager and get the
following error in the wpa_supplicant log. I searched for Failed to parse
ca_cert_blob on google but did not find anything useful.
I'm not familiar with openssl but to me it looks like there are issues with
How did you make your EC certificates?
Here is the result (truncated as yours is) by using OpenSSL - I had to
use a Name Constraint and a prime curve @ 384 for a proof-of-concept:
...
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
EC Public Key:
pub:
I would like to get a clarification. The OpenSSL Security Policy version 1.2
states the followings.
Only one role may be active at a time and the Module does not allow
concurrent operators.
Do you mean the Module does not have any prevention for conncurrent operators
and it depends on the
The API does not have any mechanism for enforcing a lack of concurrency.
Each system that the FIPS module goes into is supposed to be
custom-built, anyway, so that the entire thing adheres to FIPS 140-2
processing policies.
-Kyle H
On Wed, Aug 19, 2009 at 4:55 PM, Pandit