问题描述
我正在尝试安装 SoftHSM ,如此处,它需要OpenSSL.因此,我安装了OpenSSL v1.0.2j,但似乎它没有捆绑的GOST支持,或者至少我在/usr/lib/openssl/engines
中找不到libgost.so
.因此我从发现的旧版OpenSSL(v1.0.0k-2.1.x86_64)中获取了该文件,并将其放置在该文件夹中.
I'm trying to install SoftHSM as shown here, which requires OpenSSL. So I installed OpenSSL v1.0.2j, but it seems it doesn't have bundled GOST support, or at least I couldn't find libgost.so
in /usr/lib/openssl/engines
; so I took it from an older version of OpenSSL that I found (v1.0.0k-2.1.x86_64) and placed it in that folder.
然后,按照多个论坛的建议,我修改了openssl.cnf文件(在/usr/local/ssl
中).
Then, as suggested in multiple forums, I modified the file openssl.cnf (in /usr/local/ssl
).
在RANDFIL = $ENV::HOME/.rnd
之后的行中,我添加了:
In the line after RANDFIL = $ENV::HOME/.rnd
I added:
openssl_conf=openssl_def
在文件末尾:
# OpenSSL default section
[openssl_def]
engines = engine_section
# Engine section
[engine_section]
gost = gost_section
# Engine gost section
[gost_section]
engine_id = gost
dynamic_path = /usr/lib/openssl/engines/libgost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
但是仍然在SoftHSM安装的配置阶段,它显示此错误:
But still in the configure phase of SoftHSM installation it shows this error:
checking for OpenSSL GOST support... Cannot GOST engine
configure: error: OpenSSL library has no GOST support
任何帮助将不胜感激!
如果我运行以下命令:openssl ciphers|tr ':' '\n'|grep GOST
,则输出为:Error configuring OpenSSL
If I run this command: openssl ciphers|tr ':' '\n'|grep GOST
, the output is: Error configuring OpenSSL
推荐答案
OpenSSL 1.1.0和更高版本不再包含GOST引擎. 从更改日志中:
OpenSSL 1.1.0 and later no longer include the GOST engine. From the changelog:
*) The GOST engine was out of date and therefore it has been removed. An up
to date GOST engine is now being maintained in an external repository.
See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
support for GOST ciphersuites (these are only activated if a GOST engine
is present).
[Matt Caswell]
您从OpenSSL 1.0.0k复制的GOST引擎版本可能与OpenSSL 1.1.0不兼容.在更新日志中提到的站点上获取更新的版本.
The version of the GOST engine that you copied from OpenSSL 1.0.0k is probably incompatible with OpenSSL 1.1.0. Get a newer one at the site mentioned in the changelog.
这篇关于无法在OpenSSL中启用GOST引擎支持的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!