无法在 OpenSSL 中启用 GOST 引擎支持
Can't enable GOST engine support in OpenSSL
我正在尝试安装 SoftHSM as shown here,这需要 OpenSSL。所以我安装了 OpenSSL v1.0.2j,但它似乎没有捆绑的 GOST 支持,或者至少我在 /usr/lib/openssl/engines 中找不到 libgost.so;所以我从我发现的旧版本 OpenSSL (v1.0.0k-2.1.x86_64) 中取出它并将它放在那个文件夹中。
然后,按照多个论坛的建议,我修改了文件 openssl.cnf(在 /usr/local/ssl 中)。
在 RANDFIL = $ENV::HOME/.rnd 之后的行中我添加了:
openssl_conf=openssl_def
并在文件末尾:
# OpenSSL default section
[openssl_def]
engines = engine_section
# Engine section
[engine_section]
gost = gost_section
# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
但仍处于 SoftHSM 安装的配置阶段,它显示此错误:
checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support
非常感谢任何帮助!
如果我运行这个命令:openssl ciphers|tr ':' '\n'|grep GOST,输出是:Error configuring OpenSSL
OpenSSL 1.1.0 及更高版本不再包含 GOST 引擎。 From the changelog:
*) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
[Matt Caswell]
您从 OpenSSL 1.0.0k 复制的 GOST 引擎版本可能与 OpenSSL 1.1.0 不兼容。在更改日志中提到的站点获取更新的。
我也遇到了同样的情况,我能够解决它,为安装禁用 GOST
下载
wget https://dist.opendnssec.org/source/softhsm-2.3.0.tar.gz
tar -xzf softhsm-2.3.0.tar.gz
cd softhsm-2.3.0
禁用 GOST
./configure --disable-gost
安装
sudo make install
我正在尝试安装 SoftHSM as shown here,这需要 OpenSSL。所以我安装了 OpenSSL v1.0.2j,但它似乎没有捆绑的 GOST 支持,或者至少我在 /usr/lib/openssl/engines 中找不到 libgost.so;所以我从我发现的旧版本 OpenSSL (v1.0.0k-2.1.x86_64) 中取出它并将它放在那个文件夹中。
然后,按照多个论坛的建议,我修改了文件 openssl.cnf(在 /usr/local/ssl 中)。
在 RANDFIL = $ENV::HOME/.rnd 之后的行中我添加了:
openssl_conf=openssl_def
并在文件末尾:
# OpenSSL default section
[openssl_def]
engines = engine_section
# Engine section
[engine_section]
gost = gost_section
# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
但仍处于 SoftHSM 安装的配置阶段,它显示此错误:
checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support
非常感谢任何帮助!
如果我运行这个命令:openssl ciphers|tr ':' '\n'|grep GOST,输出是:Error configuring OpenSSL
OpenSSL 1.1.0 及更高版本不再包含 GOST 引擎。 From the changelog:
*) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
[Matt Caswell]
您从 OpenSSL 1.0.0k 复制的 GOST 引擎版本可能与 OpenSSL 1.1.0 不兼容。在更改日志中提到的站点获取更新的。
我也遇到了同样的情况,我能够解决它,为安装禁用 GOST
下载
wget https://dist.opendnssec.org/source/softhsm-2.3.0.tar.gz
tar -xzf softhsm-2.3.0.tar.gz
cd softhsm-2.3.0
禁用 GOST
./configure --disable-gost
安装
sudo make install