Hi,
I have couple of queries pertaining to what it means by violating
OpenSSL FIPS Security Policy.
We recently moved to FIPS enabled OpenSSL successfully. My concern is
whether certificates generated by earlier versions of our product,
which used non-FIPS enabled OpenSSL, can be used in FIPS ena
I'm looking for something like:
ERR_report_oneoff_error(const char *func, const char *reason, int line,
const char *file)
that I could use without having to define structures like the following
or calling Err_load_strings and Err_unload_strings:
static ERR_STRING_DATA BIO_str_functs[]=
{
{ER
Hello,
I would like to know whether any one have seen FIPS self-test failures on
the platforms you work on assuming that the code has been properly ported i.e.
failures found during porting do not count.
Thank you,
- Pandit
You are right. A trusted list of server names at the client (hard coded in a
config file) would be sufficient. The only downside of it would be for the
domain admin to touch up this file each time he/she modifies the LDAP SRV
list in DNS. Also note that we have absolutely no control on what goes in
On Wed, Aug 25, 2010, Toms Tormo wrote:
>
> Honestly, I have no idea what I'm doing wrong.. I've checked all the
> requirements OpenSSL needs and the certificates fulfill them all...
>
> Could you please help me? I'm getting desperate...
>
Firstly thank you for the extensive debug information, al
Greetings
I'm are trying to configure apache with client authentication using some
commercial certificates, but we are getting troubles with it. In Apache
logs we can see the following error *Certificate Verification: Error
(20): unable to get local issuer certificate*
I tried to verify the
