Prevent concurrent operator in FIPS mode

2009-08-19 Thread Pandit Panburana
Hello, The security policy of states that the module does not allow concurrent operators. How does the API prevent concurrent operators? Thank you, -Pandit

Re: [openssl verify] [lookup:unable to get issuer certificate]

2009-08-19 Thread Matthias Güntert
Can someone please shed some light on this? These are the test-certificates I have been using. I figured it out: $ man 1 verify [...] -CAfile file: A file of trusted certificates. The file should contain multiple certificates in PEM format concatenated together. [...] $ cat rootCA.crt

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Kyle Hamilton
The API does not prevent concurrent operators. The guidance from the CMVP is that an application (even if operated by a webserver on behalf of someone else) is an operator for purposes of determining compliance with that restriction. Of course, the CMVP seems to want to reduce the functionality

RE: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Carlo Milono
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Kyle Hamilton Sent: Wednesday, August 19, 2009 10:42 AM To: openssl-users@openssl.org Subject: Re: Prevent concurrent operator in FIPS mode The API does not prevent concurrent

Re: Howto create a certificate for multiple domains?

2009-08-19 Thread deblarinteln
Hi Goetz, *, There is the man page x509v3_config. It should contain the info you need. A hint: x509v3_config describes data found in the openssl.cnf file. So this data is used on creating a certificate / CSR... well I have created a certificate with all necessary data. At least I think

Help debugging Failed to parse ca_cert_blob

2009-08-19 Thread Sven Burmeister
Hello! I'm trying to connect to a WPA2 EAP network via NetworkManager and get the following error in the wpa_supplicant log. I searched for Failed to parse ca_cert_blob on google but did not find anything useful. I'm not familiar with openssl but to me it looks like there are issues with

RE: ecdsa public key output

2009-08-19 Thread Carlo Milono
How did you make your EC certificates? Here is the result (truncated as yours is) by using OpenSSL - I had to use a Name Constraint and a prime curve @ 384 for a proof-of-concept: ... Subject Public Key Info: Public Key Algorithm: id-ecPublicKey EC Public Key: pub:

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Pandit Panburana
I would like to get a clarification. The OpenSSL Security Policy version 1.2 states the following. Only one role may be active at a time and the Module does not allow concurrent operators. Do you mean the Module does not have any prevention for concurrent operators and it depends on the

Re: Prevent concurrent operator in FIPS mode

2009-08-19 Thread Kyle Hamilton
The API does not have any mechanism for enforcing a lack of concurrency. Each system that the FIPS module goes into is supposed to be custom-built, anyway, so that the entire thing adheres to FIPS 140-2 processing policies. -Kyle H On Wed, Aug 19, 2009 at 4:55 PM, Pandit