Dmitry Belyavsky wrote:
Greetings!
On Thu, Sep 8, 2011 at 8:43 PM, Roumen Petrov<[email protected]> wrote:
Dmitry Belyavsky wrote:
Greetings!
It seems to work. It's compatible with example provided before
(xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
--verification-time "2006-04-01 00:00:00"
tests/aleksey-xmldsig-01/enveloped-gost.xml is successful) and
self-compatible.
On Wed, Sep 7, 2011 at 2:32 AM, Aleksey Sanin<[email protected]> wrote:
[SNIP]
Which openssl version for first time offer GOST support, even as externally
maintained patch ?
If first is 0.9.8 I think that xmlsec regression test could be automated .
Unfortunately, no. You need 1.0 version with gost engine enabled
through the openssl.cnf file according to README.gost file.
So I'm not familiar with status of GOST support in OpenSSL . Internet
search point to page on cryptocom.ru where is listed patch for openssl
0.9.8.
I cannot found earlier version.
BTW, does anybody really need th pre-0.9.8 version of the OpenSSL
library (and its support)?
May be nobody . I ask because openssl engine configuration is different
between openssl version 0.9.7 and 0.9.8+.
So following the guide README.gost I do this
$ cd [XMLSEC_TOP_BUILD_DIR]
$ cat openssl.cnf
openssl_conf = openssl_def
[ openssl_def ]
engines = engine_section
[ engine_section ]
gost = gost_section
[ gost_section ]
#engine_id = gost
#dynamic_path = /usr/lib/ssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
$ OPENSSL_CONF=`pwd`/openssl.cnf \
make check
An result is this (extract from console log):
......
--------- These tests CAN FAIL (extra OS config required) ----------
aleksey-xmldsig-01/enveloped-gost
Checking required transforms OK
Checking required key data OK
Verify existing signature OK
.......
With above I confirm that xlsec test could be fully automated.
Tested with openssl 1.0.0e, dynamic engine build including GOST engine.
Regards,
Roumen
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
