[openssl-users] (2013) : PKCS12 keystore creation failing in fips mode (RT3515)

jonetsu jonetsu at teksavvy.com
Wed Nov 11 16:27:02 UTC 2015


Hello,


There is a thread in 2013 (30 May 03:15) in which Steve writes that OpenSSL 1.0.1 has a bug regarding the use of PKCS12 in FIPS mode since it tries to handle a certificate using a non-FIPS component.  I think I found the commit that fixes this, although it is part of a quite huge commit of 33,065 lines (7e1b7485706c2b11091b5fa897fe496a2faa56cc) done earlier this year.  


There is perhaps a simpler commit that fixes only this issue (92830dc1ca0bb2d12bf05a12ebb798709595fa5a) although I can't see the commit in the git tree I have fetched last week, even by branching to remotes/origin/OpenSSL_1_0_1-stable.


We are using 1.0.1.e.  My question is, was bug RT3515 included in a later 1.0.1 release ?  If so, which one ?


(If you can also clear up why the patch is not seen... :)


Much appreciated, thanks.





More information about the openssl-users mailing list