Greetings! It seems to work. It's compatible with example provided before (xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem --verification-time "2006-04-01 00:00:00" tests/aleksey-xmldsig-01/enveloped-gost.xml is successful) and self-compatible.
On Wed, Sep 7, 2011 at 2:32 AM, Aleksey Sanin <[email protected]> wrote: > Dmitry, > > Thanks for your patch! I made a couple minor fixes and pushed the changes to > git. > I would appreciate if you try the git version to make sure everything is > good and then > I will be happy to do a release. > > Thanks again! > > Aleksey > > On 9/3/11 4:55 AM, Dmitry Belyavsky wrote: > > Greetings! > > I've found an linking error and now openssl xmlsec works with the > Russian GOST digital signature algorythm. Here is the patch. > > The only known bugfeature is related with the absence of functions > determining whether the public key only or both private and public are > available in EVP_PKEY struct in modern openssl. > > The result is compatible with gost mscrypto signature. Example test: > > apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem > --verification-time "2006-04-01 00:00:00" > tests/aleksey-xmldsig-01/enveloped-gost.xml > > works, the signature and digest are verified successfully. > > The usage of GOST algorythms requires OpenSSL 1.0 or later. It should > be configured according to README.gost instructions. The library > should be builded with --enable-gost parameter. > > I hope you'll find this patch suitable for distribution. > > Thank you! > > > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec > -- SY, Dmitry Belyavsky _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
