gpt4 book ai didi

openssl - 无法在 OpenSSL 中启用 GOST 引擎支持

转载 作者:行者123 更新时间:2023-12-02 14:49:29 28 4
gpt4 key购买 nike

我正在尝试安装SoftHSM如图here ,这需要 OpenSSL。所以我安装了OpenSSL v1.0.2j,但它似乎没有捆绑GOST支持,或者至少我在/usr/lib/openssl/中找不到libgost.so引擎;所以我从我找到的旧版本 OpenSSL (v1.0.0k-2.1.x86_64) 中取出它并将其放在该文件夹中。

然后,按照多个论坛的建议,我修改了文件 openssl.cnf (在 /usr/local/ssl 中)。

RANDFIL = $ENV::HOME/.rnd 之后的行中,我添加了:

openssl_conf=openssl_def

在文件末尾:

# OpenSSL default section
[openssl_def]
engines = engine_section

# Engine section
[engine_section]
gost = gost_section

# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

但仍在 SoftHSM 安装的配置阶段,它显示此错误:

checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support

任何帮助将不胜感激!

如果我运行此命令:openssl ciphers|tr ':' '\n'|grep GOST,输出为:配置 OpenSSL 时出错

最佳答案

OpenSSL 1.1.0 及更高版本不再包含 GOST 引擎。 From the changelog:

  *) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
[Matt Caswell]

您从 OpenSSL 1.0.0k 复制的 GOST 引擎版本可能与 OpenSSL 1.1.0 不兼容。在变更日志中提到的站点获取更新的版本。

关于openssl - 无法在 OpenSSL 中启用 GOST 引擎支持,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40009269/

28 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com