GOST in OPENSSL_BASE
Jung-uk Kim
jkim at FreeBSD.org
Mon Jul 11 18:02:35 UTC 2016
On 07/10/16 09:30 AM, Slawa Olhovchenkov wrote:
> I am surprised by the lack of GOST support in openssl-base.
> Can this be enabled before 11.0 is released?
It works for me, I think. The following change was all I needed to enable
the engine:
--- /etc/ssl/openssl.cnf.orig
+++ /etc/ssl/openssl.cnf
@@ -13,6 +13,21 @@
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
+# GOST
+openssl_conf = openssl_def
+
+[openssl_def]
+engines = engine_section
+
+[engine_section]
+gost = gost_section
+
+[gost_section]
+engine_id = gost
+dynamic_path = /usr/lib/engines/libgost.so
+default_algorithms = ALL
+CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
+
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
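Review bot: The new [openssl_def], [engine_section] and [gost_section] blocks are inserted in the middle of the default section, so the trailing context comment about the "-extfile" option ("name here the section containing the X.509v3 extensions to use") now sits inside [gost_section]. Any setting later uncommented or added at that spot would be read as a parameter of the gost engine section instead of a top-level one. Keep `openssl_conf = openssl_def` where it is, ahead of the first bracketed section, and move the three section blocks to the end of the file. Separately, `default_algorithms = ALL` makes the engine the default for everything it implements, and `dynamic_path` is a hard-coded library path, both in the system-wide file; a short comment above [gost_section] noting that this applies to every program that loads this configuration would help.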
Please see the README file for more info:
https://svnweb.freebsd.org/base/head/crypto/openssl/engines/ccgost/README.gost?revision=238405&view=co
Jung-uk Kim
More information about the freebsd-current
mailing list