Issue #179: certmonger local ca does not save when system is in fips mode - certmonger

certmonger

#179 certmonger local ca does not save when system is in fips mode

Closed: fixed Nov 3, 2022 by rcritten. Opened Dec 9, 2020 by vakwetu.

When in FIPS mode, the local CA fails to save in /var/lib./certmonger/local/creds. It looks like the cert is generated just fine, but the following call fails: in local.c

74 p12 = PKCS12_create(NULL, CONSTANTCN, signer_key, signer_cert,
375 cas, 0, 0, 0, 0, 0);

Most likely this is because we're using whatever the default is, and that default is disallowed under FIPS.

Also, note that the unit tests fail on a FIPS machine.

rcritten commented Dec 10, 2020

I suspect it fails because the default openssl cert encryption algo is 40-bit RC2.

rcritten commented Nov 3, 2022

Fixed with 62a6634867db5d9f79b613055b8788136d4cb41d

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

Nov 3, 2022

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

certmonger

#179 certmonger local ca does not save when system is in fips mode Closed: fixed Nov 3, 2022 by rcritten. Opened Dec 9, 2020 by vakwetu.

Metadata

#179 certmonger local ca does not save when system is in fips mode

Closed: fixed Nov 3, 2022 by rcritten. Opened Dec 9, 2020 by vakwetu.