RE: openssl fips patch for RSA Key Gen (186-4)

2021-01-05 Thread Michael Wojcik
> From: openssl-users On Behalf Of Matt > Caswell > Sent: Tuesday, 5 January, 2021 09:35 > > On 05/01/2021 11:41, y vasavi wrote: > > > > We currently FOM 2.0 module for FIPS certification. > > It doesn't have support for RSA Key generation(186-4) > > > > Are there any patches available ? > > Defi

Re: openssl fips patch for RSA Key Gen (186-4)

2021-01-05 Thread Marcus Meissner
On Tue, Jan 05, 2021 at 04:34:36PM +, Matt Caswell wrote: > > > On 05/01/2021 11:41, y vasavi wrote: > > > > Hi All, > > > > We currently FOM 2.0 module for FIPS certification. > > It doesn't have support for RSA Key generation(186-4) > > > > Are there any patches available ? > > Definite

Re: private key not available for client_cert_cb

2021-01-05 Thread Jan Just Keijser
Hi, On 05/01/21 07:39, George wrote: Hi,     I was looking at the  code in https://github.com/jjkeijser/ppp/blob/eap-tls/pppd/eap-tls.c and realized I forgot to call ENGINE_ctrl_cmd(...) to setup "LOAD_CERT_CTRL". However, when I do this, the callback function is no longer being called duri

Re: openssl fips patch for RSA Key Gen (186-4)

2021-01-05 Thread Matt Caswell
On 05/01/2021 11:41, y vasavi wrote: > > Hi All, > > We currently FOM 2.0 module for FIPS certification. > It doesn't have support for RSA Key generation(186-4) > > Are there any patches available ? Definitely there are no official ones (I'm also not aware of any unofficial ones). The 3.0 m

Re: Verify a certificate

2021-01-05 Thread Bernhard Fröhlich
Hello, just in case you want to check a webserver installation (which is not explicitly mentioned in Viktor's answer) I want to add this... In this case (IMHO) the s_client tool of openssl can do what you need. Try     openssl s_client -connect yourhost.example.org:443 -CAfile SpecialCAFile.

Re: Verify a certificate

2021-01-05 Thread Viktor Dukhovni
On Tue, Jan 05, 2021 at 01:43:12PM +0100, Yassine Chaouche wrote: > How do I detect this error with openssl tools ? are there > tools that print issuer and subject of each certificate in > a chain ? If, by chain, you mean a PEM file with one or more X509 certificates, then yes. Suppose the file

Verify a certificate

2021-01-05 Thread Yassine Chaouche
Dear list, I would like to learn how to use openssl tools to make sure a chained certificate is valid ? example : Let's say I got the Cert certificate signed by Intermdiate X, but by making the full chain certificate I inadvertly inserted Intermediate Y instead of X. The (broken) certificate ch

openssl fips patch for RSA Key Gen (186-4)

2021-01-05 Thread y vasavi
Hi All, We currently FOM 2.0 module for FIPS certification. It doesn't have support for RSA Key generation(186-4) Are there any patches available ? Thanks, Vasavi.