[xmlsec] OpenSSL Gost support - final patch
beldmit at gmail.com
Tue Sep 6 20:52:16 PDT 2011
It seems to work. It's compatible with example provided before
(xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
--verification-time "2006-04-01 00:00:00"
tests/aleksey-xmldsig-01/enveloped-gost.xml is successful) and
On Wed, Sep 7, 2011 at 2:32 AM, Aleksey Sanin <aleksey at aleksey.com> wrote:
> Thanks for your patch! I made a couple minor fixes and pushed the changes to
> I would appreciate if you try the git version to make sure everything is
> good and then
> I will be happy to do a release.
> Thanks again!
> On 9/3/11 4:55 AM, Dmitry Belyavsky wrote:
> I've found an linking error and now openssl xmlsec works with the
> Russian GOST digital signature algorythm. Here is the patch.
> The only known bugfeature is related with the absence of functions
> determining whether the public key only or both private and public are
> available in EVP_PKEY struct in modern openssl.
> The result is compatible with gost mscrypto signature. Example test:
> apps/.libs/xmlsec1 --verify --trusted-pem tests/keys/gost2001ca.pem
> --verification-time "2006-04-01 00:00:00"
> works, the signature and digest are verified successfully.
> The usage of GOST algorythms requires OpenSSL 1.0 or later. It should
> be configured according to README.gost instructions. The library
> should be builded with --enable-gost parameter.
> I hope you'll find this patch suitable for distribution.
> Thank you!
> xmlsec mailing list
> xmlsec at aleksey.com
SY, Dmitry Belyavsky
More information about the xmlsec