无法在OpenSSL中启用GOST引擎支持 | 无法在OpenSSL中启用GOST引擎支持

本文介绍了无法在OpenSSL中启用GOST引擎支持的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我正在尝试安装 SoftHSM ，如此处，它需要OpenSSL.因此，我安装了OpenSSL v1.0.2j，但似乎它没有捆绑的GOST支持，或者至少我在/usr/lib/openssl/engines中找不到libgost.so.因此我从发现的旧版OpenSSL(v1.0.0k-2.1.x86_64)中获取了该文件，并将其放置在该文件夹中.

I'm trying to install SoftHSM as shown here, which requires OpenSSL. So I installed OpenSSL v1.0.2j, but it seems it doesn't have bundled GOST support, or at least I couldn't find libgost.so in /usr/lib/openssl/engines; so I took it from an older version of OpenSSL that I found (v1.0.0k-2.1.x86_64) and placed it in that folder.

然后，按照多个论坛的建议，我修改了openssl.cnf文件(在/usr/local/ssl中).

Then, as suggested in multiple forums, I modified the file openssl.cnf (in /usr/local/ssl).

在RANDFIL = $ENV::HOME/.rnd之后的行中，我添加了:

In the line after RANDFIL = $ENV::HOME/.rnd I added:

openssl_conf=openssl_def

在文件末尾:

# OpenSSL default section
[openssl_def]
engines = engine_section

# Engine section
[engine_section]
gost = gost_section

# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet

但是仍然在SoftHSM安装的配置阶段，它显示此错误:

But still in the configure phase of SoftHSM installation it shows this error:

checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support

任何帮助将不胜感激！

如果我运行以下命令:openssl ciphers|tr ':' '\n'|grep GOST，则输出为:Error configuring OpenSSL

If I run this command: openssl ciphers|tr ':' '\n'|grep GOST, the output is: Error configuring OpenSSL

推荐答案

OpenSSL 1.1.0和更高版本不再包含GOST引擎. 从更改日志中:

OpenSSL 1.1.0 and later no longer include the GOST engine. From the changelog:

  *) The GOST engine was out of date and therefore it has been removed. An up
     to date GOST engine is now being maintained in an external repository.
     See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
     support for GOST ciphersuites (these are only activated if a GOST engine
     is present).
     [Matt Caswell]

您从OpenSSL 1.0.0k复制的GOST引擎版本可能与OpenSSL 1.1.0不兼容.在更新日志中提到的站点上获取更新的版本.

The version of the GOST engine that you copied from OpenSSL 1.0.0k is probably incompatible with OpenSSL 1.1.0. Get a newer one at the site mentioned in the changelog.

这篇关于无法在OpenSSL中启用GOST引擎支持的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！