On Mon, Jun 18, 2012, Nou Dadoun wrote:
> It passes "OK" with the usual verify utility but that's not surprising since
> it passes verification if I'm not using FIPS, I don't imagine there's any
> way to force the verify utility to use the FIPS routines; in any case, I'm
> happy to send them to yo
offline ... N
---
Nou Dadoun
ndad...@teradici.com
604-628-1215
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: June 18, 2012 11:58 AM
To: openssl-users@openssl.org
Subject: Re: FIPS doesn't verify cer
On Mon, Jun 18, 2012, Nou Dadoun wrote:
> Sorry accidentally hit send, the oddity is (as I mentioned before) that
> comparable certificates with larger keys using the same signing algorithm
> pass verification. E.g. this one is passing:
>
Can you reproduce this using the "verify" utility and t
.
---
Nou Dadoun
ndad...@teradici.com
604-628-1215
-Original Message-
From: Nou Dadoun
Sent: June 18, 2012 11:06 AM
To: 'openssl-users@openssl.org'
Subject: RE: FIPS doesn't verify certificate with 1024-bit keys
Here's the certificate which is failing:
C
-1215
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: June 18, 2012 10:45 AM
To: openssl-users@openssl.org
Subject: Re: FIPS doesn't verify certificate with 1024-bit keys
On Mon, Jun 18, 2012, Nou Da
On Mon, Jun 18, 2012, Nou Dadoun wrote:
>
> Why is it failing with the fips library and passing with the non-fips library
> - does it have anything to do with the 1024 bit key? (i.e. 2048 and 4096-key
> certs both work, and the ca cert has a 2048-bit key)
>
Do you get an additional error from
