It passes "OK" with the usual verify utility, but that's not surprising since it passes verification if I'm not using FIPS. I don't imagine there's any way to force the verify utility to use the FIPS routines; in any case, I'm happy to send them to you offline ...

N
---
Nou Dadoun
ndad...@teradici.com
604-628-1215

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: June 18, 2012 11:58 AM
To: openssl-users@openssl.org
Subject: Re: FIPS doesn't verify certificate with 1024-bit keys

On Mon, Jun 18, 2012, Nou Dadoun wrote:

> Sorry accidentally hit send, the oddity is (as I mentioned before) that
> comparable certificates with larger keys using the same signing algorithm
> pass verification. E.g. this one is passing:
>

Can you reproduce this using the "verify" utility and the -verbose option? If so please post the certificates, privately to me if you wish.

Note that the signature on the root CA is not checked by default so it can use any signature algorithm.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org