Re: GOST in OPENSSL_BASE

From: Jung-uk Kim <jkim_at_FreeBSD.org>
Date: Mon, 11 Jul 2016 14:02:28 -0400
On 07/10/16 09:30 AM, Slawa Olhovchenkov wrote:
> I am surprised by the lack of GOST support in openssl-base.
> Can this be enabled before 11.0 is released?

It works for me, I think.  The following change was all I needed to enable
the engine:

--- /etc/ssl/openssl.cnf.orig
+++ /etc/ssl/openssl.cnf
_at__at_ -13,6 +13,21 _at__at_
 #oid_file		= $ENV::HOME/.oid
 oid_section		= new_oids

+# GOST
+openssl_conf		= openssl_def
+
+[openssl_def]
+engines			= engine_section
+
+[engine_section]
+gost			= gost_section
+
+[gost_section]
+engine_id		= gost
+dynamic_path		= /usr/lib/engines/libgost.so
+default_algorithms	= ALL
+CRYPT_PARAMS		= id-Gost28147-89-CryptoPro-A-ParamSet
+
 # To use this configuration file with the "-extfile" option of the
 # "openssl x509" utility, name here the section containing the
 # X.509v3 extensions to use:
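
Review bot: "default_algorithms = ALL" in [gost_section] goes into the system-wide /etc/ssl/openssl.cnf, so the engine is registered as the default for every algorithm it provides in each program that loads this file, not only in the command being tested. A comment above the "# GOST" block saying so, with a pointer to README.gost, would help the next administrator. It is also worth checking how those programs behave when the absolute "dynamic_path" (/usr/lib/engines/libgost.so) is missing on a given install; if only some tools need GOST, the block could live in a separate file selected through the OPENSSL_CONF environment variable instead.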

Please see the README file for more info:

https://svnweb.freebsd.org/base/head/crypto/openssl/engines/ccgost/README.gost?revision=238405&view=co

Jung-uk Kim


Received on Mon Jul 11 2016 - 16:02:35 UTC
