Re: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Dr. Stephen Henson
On Mon, Jun 18, 2012, Nou Dadoun wrote:
> It passes "OK" with the usual verify utility but that's not surprising since
> it passes verification if I'm not using FIPS, I don't imagine there's any
> way to force the verify utility to use the FIPS routines; in any case, I'm
> happy to send them to yo

RE: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Nou Dadoun
offline ... N
---
Nou Dadoun
ndad...@teradici.com
604-628-1215

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: June 18, 2012 11:58 AM
To: openssl-users@openssl.org
Subject: Re: FIPS doesn't verify cer

Re: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Dr. Stephen Henson
On Mon, Jun 18, 2012, Nou Dadoun wrote:
> Sorry accidentally hit send, the oddity is (as I mentioned before) that
> comparable certificates with larger keys using the same signing algorithm
> pass verification. E.g. this one is passing:
>

Can you reproduce this using the "verify" utility and t

RE: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Nou Dadoun
.
---
Nou Dadoun
ndad...@teradici.com
604-628-1215

-Original Message-
From: Nou Dadoun
Sent: June 18, 2012 11:06 AM
To: 'openssl-users@openssl.org'
Subject: RE: FIPS doesn't verify certificate with 1024-bit keys

Here's the certificate which is failing: C

RE: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Nou Dadoun
-1215

-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson
Sent: June 18, 2012 10:45 AM
To: openssl-users@openssl.org
Subject: Re: FIPS doesn't verify certificate with 1024-bit keys

On Mon, Jun 18, 2012, Nou Da

Re: FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Dr. Stephen Henson
On Mon, Jun 18, 2012, Nou Dadoun wrote:
>
> Why is it failing with the fips library and passing with the non-fips library
> - does it have anything to do with the 1024 bit key? (i.e. 2048 and 4096-key
> certs both work, and the ca cert has a 2048-bit key)
>

Do you get an additional error from

FIPS doesn't verify certificate with 1024-bit keys

2012-06-18 Thread Nou Dadoun
Odd problem, I've been overhauling our x509 certificate handling and I've run into an issue where the standard openssl x509 verification mechanism fails to verify a certificate with a 1024-bit key when run with the FIPS version of the library loaded but which verifies it with the non-FIPS versio