我试图安装SoftHSM如图所示这里,这需要OpenSSL的.所以,我安装了OpenSSL v1.0.2j,但似乎它并没有捆绑GOST支持,或至少我找不到libgost.so的/usr/lib/openssl/engines; 所以我从我发现的旧版OpenSSL(v1.0.0k-2.1.x86_64)中取出它并将其放在该文件夹中.
然后,正如多个论坛所建议的那样,我修改了openssl.cnf(in /usr/local/ssl)文件.
在RANDFIL = $ENV::HOME/.rnd我添加后的行中:
openssl_conf=openssl_def
在文件的末尾:
# OpenSSL default section
[openssl_def]
engines = engine_section
# Engine section
[engine_section]
gost = gost_section
# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
但仍处于SoftHSM安装的配置阶段,它显示以下错误:
checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support
任何帮助将非常感谢!
如果我运行此命令:openssl ciphers|tr ':' '\n'|grep GOST,输出为:Error configuring OpenSSL
我也遇到了同样的情况,我能够解决它,禁用 GOST 进行安装
下载
wget https://dist.opendnssec.org/source/softhsm-2.3.0.tar.gz
tar -xzf softhsm-2.3.0.tar.gz
cd softhsm-2.3.0
禁用 GOST
./configure --disable-gost
安装
sudo make install
OpenSSL 1.1.0及更高版本不再包含GOST引擎.来自更改日志:
*) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
[Matt Caswell]
从OpenSSL 1.0.0k复制的GOST引擎版本可能与OpenSSL 1.1.0不兼容.在更新日志中提到的站点上获取更新的.
| 归档时间: |
|
| 查看次数: |
5693 次 |
| 最近记录: |