Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bc-fips-2.0.jar: java.security.cert.CertPathValidatorException: OCSP responder failed: 1 #1923

Open
yhuang01 opened this issue Nov 27, 2024 · 7 comments
Assignees

Comments

@yhuang01
Copy link

yhuang01 commented Nov 27, 2024

I am using bc-fips-2.0.jar to do ocsp check for certificate generated from entrust. The ocsp responder url is: http://ocsps.ssl.com/

JDK version:
openjdk version "11.0.25" 2024-10-15 LTS
OpenJDK Runtime Environment Zulu11.76+22-SA (build 11.0.25+9-LTS)
OpenJDK 64-Bit Server VM Zulu11.76+22-SA (build 11.0.25+9-LTS, mixed mode)

However, I keep getting the following error when doing ocsp check:

Caused by: java.security.cert.CertPathValidatorException: OCSP responder failed: 1
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.OcspCache.getOcspResponse(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvOcspRevocationChecker.check(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.ProvRevocationChecker.check(Unknown Source)
        at java.base/java.security.cert.PKIXCertPathChecker.check(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.RFC3280CertPathUtilities.processCertA(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.PKIXCertPathValidatorSpi_8.engineValidate(Unknown Source)
        at org.bouncycastle.fips.core/org.bouncycastle.jcajce.provider.PKIXCertPathBuilderSpi_8.build(Unknown Source)

The following is the testing code which can be used to reproduce the issue:

import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

import java.io.FileInputStream;
import org.bouncycastle.util.Properties;

import java.security.Security;
import java.security.cert.*;
import java.util.*;

public class PKIXRevocationCheckerTest {

    public static void main(String[] args) throws Exception {
        String path = "/tmpcerts/";

        try {
            // Add Bouncy Castle FIPS as a security provider
            Security.addProvider(new BouncyCastleFipsProvider());

            // Paths to the certificates
            String rootCertPath = path + "RootCA.crt";

            // Load the certificates
            X509Certificate rootCert = loadCertificate(rootCertPath);
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BCFIPS");

            // Load certificates individually
            X509Certificate leafCert = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "leaf.crt"));
            X509Certificate intermediateCert1 = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "intermediate1.crt"));
            X509Certificate intermediateCert2 = (X509Certificate) certFactory.generateCertificate(new FileInputStream(path + "intermediate2.crt"));

            // Add certificates to the chain
            List<Certificate> certChain = new ArrayList<>();
            certChain.add(leafCert);
            certChain.add(intermediateCert1);
            certChain.add(intermediateCert2);

            // Load the leaf certificate and its chain
            CertPath certPath = certFactory.generateCertPath(certChain);

            // Set up the trust anchor (root certificate)
            TrustAnchor trustAnchor = new TrustAnchor(rootCert, null);

            System.setProperty("ocsp.responderURL", "http://ocsps.ssl.com");

            // Retrieve and print the property using Properties.getPropertyValue
            String ocspResponderURL = Properties.getPropertyValue("ocsp.responderURL");
            System.out.println("OCSP Responder URL: " + ocspResponderURL);

            // Set up PKIX parameters
            PKIXParameters pkixParams = new PKIXParameters(Collections.singleton(trustAnchor));
            pkixParams.setRevocationEnabled(true);

            // Add PKIXRevocationChecker to perform OCSP checks
            CertPathValidator validator = CertPathValidator.getInstance("PKIX", "BCFIPS");
            PKIXRevocationChecker revocationChecker = (PKIXRevocationChecker) validator.getRevocationChecker();

            // Configure revocation checker to use OCSP/CRL
            revocationChecker.setOptions(EnumSet.of (PKIXRevocationChecker.Option.SOFT_FAIL,
                    PKIXRevocationChecker.Option.ONLY_END_ENTITY));
            pkixParams.addCertPathChecker(revocationChecker);

            // Validate the certification path
            try {
                System.out.println(((PKIXRevocationChecker) validator.getRevocationChecker()).getClass());
                validator.validate(certPath, pkixParams);
                System.out.println("Certificate chain is valid.");
            } catch (CertPathValidatorException e) {
                e.printStackTrace();
                System.err.println("Certificate chain validation failed: " + e.getMessage());
            }

        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Loads a certificate from a file.
     *
     * @param certPath Path to the certificate file.
     * @return The loaded X509Certificate.
     * @throws Exception If an error occurs while loading the certificate.
     */
    private static X509Certificate loadCertificate(String certPath) throws Exception {
        try (FileInputStream fis = new FileInputStream(certPath)) {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(fis);
        }
    }

    private static X509CRL loadCRL(String crlPath) throws Exception {
        try (FileInputStream fis = new FileInputStream(crlPath)) {
            CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "BCFIPS");
            return (X509CRL) certFactory.generateCRL(fis);
        }
    }
}
@yhuang01
Copy link
Author

yhuang01 commented Nov 27, 2024

This the leaf.crt:

-----BEGIN CERTIFICATE-----
MIIIXjCCBkagAwIBAgIQJMVkeUx4he0HqG6SEmmbHDANBgkqhkiG9w0BAQsFADBR
MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQD
DB9FbnRydXN0IE9WIFRMUyBJc3N1aW5nIFJTQSBDQSAxMB4XDTI0MTEyMDAxNDIy
MloXDTI1MTExOTA4MDAwMFowgYIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxp
Zm9ybmlhMRIwEAYDVQQHDAlTYW4gRGllZ28xHTAbBgNVBAoMFFRlcmFkYXRhIENv
cnBvcmF0aW9uMSswKQYDVQQDDCJkbS10ZHZtLXNtcC0xNDM2LmxhYnMudGVyYWRh
dGEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrc97eSXzx8S
JLOQ1MFShNH08fmXpg/QQy4MM2P9aauelBsglFf9CEp6/WEF/Uq2XSADtoJ8L42K
F8/R0FltH2OtH/9qJ51SpxyD79qWRITYFGdeWH61jnAv17JkKb7kPGUjyHE/N8pM
4WKvIMPWCX+sBRaYijrzSjm9pQQV0ewtiSz5mNS0nK6VL2tzW1sbjoMXf4bQvAVk
yA2YGMsqENQEMwby7fzSuzoQCkYhCJuy2gc/bcxbQkjxnkNa2GEeGPGqAzjVLFuT
it7IgKsPBPWxro6XQDGj2W3VZ9pNEP0wD1VDBThXMiSu7GgfEunM8hGOlc7BxgQX
/Dy+ofF7RqS5g3XpxeNvKikxq+PIb8FfgqhXylhPFDnA9BZfVuTJfRNt7Y+R7/0b
vBIs4oPGN0x26RfpkVHPNqyVaIR7ChC5xjuPg2tQqK9pjmGXCcnAWrA3IqTaW0Ck
Io399Ih+oIJ24VIy2sfnIJcBJ3EIHnfBXWAXs1xfhRv8aZJxX8RzBvlwtMdbYLFM
ex6If2xGcqIQVeDSAoWbcyvtJaHSncOOYaKCVtZ2OBmSTT/lZrVE9c23CrVM92dU
T1NjZuSyF41TkfQb08M6rZc2g/KTdduDxiVZxQhDhKwn/EaljqtMhGbqqIjkvIAY
vo+Csh6OmbHhDH3DbhXNsjjfQIwHi78CAwEAAaOCAv4wggL6MAwGA1UdEwEB/wQC
MAAwHwYDVR0jBBgwFoAUaA1FyjXC55ob8LOE3dXafwuJwREwaAYIKwYBBQUHAQEE
XDBaMDYGCCsGAQUFBzAChipodHRwOi8vY2VydC5zc2wuY29tL0VudHJ1c3QtT1ZU
TFMtSS1SMS5jZXIwIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3Nwcy5zc2wuY29tMC0G
A1UdEQQmMCSCImRtLXRkdm0tc21wLTE0MzYubGFicy50ZXJhZGF0YS5jb20wIwYD
VR0gBBwwGjAIBgZngQwBAgIwDgYMKwYBBAGCqTABAwECMB0GA1UdJQQWMBQGCCsG
AQUFBwMCBggrBgEFBQcDATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8vY3Jscy5z
c2wuY29tL0VudHJ1c3QtT1ZUTFMtSS1SMS5jcmwwHQYDVR0OBBYEFHU3NqvtEsnU
1BCfMSJpoWg4u50EMA4GA1UdDwEB/wQEAwIFoDCCAX4GCisGAQQB1nkCBAIEggFu
BIIBagFoAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTR0VM
KAAABAMARzBFAiAMHORZOOsyn4rXza7mPu1OudrS6Myk7iOdb0c/3R6BgQIhAOC6
GH7XU9c9dkmiuRr/TvW+CsShAhp7j84Uhw9JAumHAHYA3dzKNJXX4RYF55Uy+sef
+D0cUN/bADoUEnYKLKy7yCoAAAGTR0VMEwAABAMARzBFAiB653sS0NqBKniaqoal
qxOAsINJwGIQMTwDeOL0DPNHagIhAPF9Kk/1ktJ3/jfIw3xoggf3gx+LVrJd4ndc
izJIy8bSAHYAEvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGTR0VL
8gAABAMARzBFAiBo1DzKCQKZHopbnqOXV/M5A/8stYvh9cw4JLNPiVfICgIhAOOz
9Ldth08mVt9d61KVZsB+cXzknumz+degPxBqmKb+MA0GCSqGSIb3DQEBCwUAA4IC
AQBWyWIGPlu5Hvf+CXGy6/6XlHKvjJ1dfN0ror5pbXWS27KOz1ZCygNu58oAtV46
877KkoxPM7KjiU6m3lkwkr7Nppy6zpcvIcmLSZROV4FwMefRXixihixr/5gAPnmC
ElmSUj7SihwppGxk8mtL36PumfRxC3FVEy5BzbIgfPb44R1U3wlvbmoqlUKK0ueF
aDYap+PHOYuAxRuyK6+fGKeajfVjaWek16IlGAnZtNtnjm9IgFU+l/mvvs+fzvWG
2FCtak82is0IkDC75F9KaNXs5AVvxNeRYlPQC2oSuqmZJjAqrjt0baZuQtSZjoRG
fRc7f82kJZD3VT6kA6wJYI6Fx4oBNv4dxmv4XyJu/X/oHFYve0skEWJhAiHOTsmd
61P80i3x7kGtMpG4L4ahwR/8JC+1W+kgq80UMGm5ZfRzLL1F2oPRppDe9nn4PmmV
giUYBPv7mfHn9slqT6asLSyZx5DVPD+H3X0bjPkew0ItHtSrr1RDmsedI/K0/dcb
ULvLKm4O7HrdYTAzzB61meZD7BIaw9qSqi9sw0T9wJGHg4RObBgwyYs4sHQW0sxS
aYohUFdaHwIJHg1XW9ZfpV+pIWQh3ity1b0AkNa+bOPZNKD+eVsGsYjX/72e6Khq
It/mZJZFQnUIqhkKtoJL+unjiOpKoVxdFWw+0pEUNrem8A==
-----END CERTIFICATE-----

@yhuang01 yhuang01 changed the title java.security.cert.CertPathValidatorException: OCSP responder failed: 1 bc-fips-2.0.jar: java.security.cert.CertPathValidatorException: OCSP responder failed: 1 Nov 27, 2024
@yhuang01
Copy link
Author

The following is intermediate1.crt:

-----BEGIN CERTIFICATE-----
MIIGVjCCBD6gAwIBAgIQb+Y+3l/BwDr7bXqFvToVbTANBgkqhkiG9w0BAQsFADBO
MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTI0MDgyMjE3NTMzOFoX
DTI3MDgyMjE3NTMzN1owUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
b3JhdGlvbjEoMCYGA1UEAwwfRW50cnVzdCBPViBUTFMgSXNzdWluZyBSU0EgQ0Eg
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKCL+NvDMIL3efFuNaQc
aYwzFpZQd/B6gkTd0s+Cu5jFu3Iw5qxis7xsRQWf739+ohRm42PYEiH7IjErxQAw
+jbLstW7HP7UaTDoYSN/IZ5mG0wHF/QLlAyXsGz9hNPPE31CN8xfA4JFH8jaQftN
QJJnRgWKFys3LK/U2YWbOkx4M50XHFsEDkAuwkt11vEzveJkglfd2O9srAhMsz21
YciZed5VQRncdFbY0hh/hbs9n9eRkmg/ItDOmvKbWiljXP7Pigl9mMJWfnqEJaUd
tt4FzpiizghGgTwGytDAUH7GxtiLdf3F/Vs5UhRUdEQEnm5Y1OVdjLb3CZpTc3vw
XViwO/jG7b64Ancehrrpagbj8yVXGk4Vh8Rj4nf99whmGGP+z9+9T5DXaWTF2xt9
PCbviJaIotT3XO7J2VGZyxnV85us4WVY7/vpCQgUEajsglaFW53UCD3uzuBUR3lW
YDWZvd7wiPg5wWhA6DXL//MKVQ0dvUJ03AI+zxUvYCDyhBPOEx9ojRgF7HOvq+wG
EvX6kV34e5ZLaeR0Wr8iaUq8Wl9oPB0vxuZdJMT4ewNHjLB6IFJY4cszBQBPmxMx
jnRkaDb7B/dlS/I2sjTyxB/n+CwbHbuiwkKqVVQpbYws7cmrkUjLQklqFO1xJrVI
Me3bAHHqOZeMfUYCo5gxrPCLAgMBAAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/
AgEAMB8GA1UdIwQYMBaAFPsuN+7jhHonLs0ZNbEzfP/UREK5MEwGCCsGAQUFBwEB
BEAwPjA8BggrBgEFBQcwAoYwaHR0cDovL2NlcnQuc3NsLmNvbS9TU0xjb20tVExT
LVJvb3QtMjAyMi1SU0EuY2VyMBEGA1UdIAQKMAgwBgYEVR0gADAdBgNVHSUEFjAU
BggrBgEFBQcDAgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2Ny
bHMuc3NsLmNvbS9TU0xjb20tVExTLVJvb3QtMjAyMi1SU0EuY3JsMB0GA1UdDgQW
BBRoDUXKNcLnmhvws4Td1dp/C4nBETAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN
AQELBQADggIBABNdeusuCgNkxuATfOU8MHWeX7BYQA77yRx/fdV5rEMOdIRMRH/J
Ar7qQ+RH9SY4tqAwkfsKBNhgqZnjzeYOMmOVRTlOQpKJwMwZbX5M1IvuF45EF5BO
dwRBIMAqSxLzFV4CAS1LUEptuA6SGMC6thY4TdQoHN1YR5A/tFmPj9ASDxlqE7Wc
7ZkeL1R8NAKNbcYGPEUXAy9NMiIwwnTqJqQSQXAquf8rhOiOfqWoghMU1xUQ4VgO
aPPCbHCanTLWLLo6MEcHuVNdYvtTUmxixuTcqU2E+XfzUH0qoOskiwxAXncRaM+H
7diEROecsP9PQFui/ll7QmiEE4goazA72Mvk1IsL7+2gI9BrUgWGxGLOoCcJqvUg
Z/8K6N5UJZKXnjOL+tjQVk8qCcF818vuOtOvSAQUeOjSdb1QjaM18Fc62qyclga8
FIxqs4UPJg7ozHrCkPBUXb1MlUu0yf0Y9i8R9woh6S0k4TZGZKKKdxmS7QnF4D6M
Rr60DDCwdUKP5dMmqPsWd2qaBxlaS3wacNqjhdt0DbXmEOz18BRiKbRxaZ4sDxn9
O8XngqHUi9j5bulLTfQSqxDXuMwG0WjkqgkJaCujQ1zIZ7sSIcfGzBevRSy1R32Y
Wp1i1vr3oWsj+Cw9gr8FPEw/pPcW7GWfoJvpiHVQ99u7+vUqjQQ13ieL
-----END CERTIFICATE-----

@yhuang01
Copy link
Author

The following is intermediate2.crt

-----BEGIN CERTIFICATE-----
MIIGrzCCBJegAwIBAgIQMm9k6XA0xvejlGpQo+0E/jANBgkqhkiG9w0BAQsFADCB
gjELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9u
MRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNzA1BgNVBAMMLlNTTC5jb20gRVYg
Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EgUjIwHhcNMjMxMTA3MTcy
NTQ0WhcNMzgxMTAzMTcyNTQzWjBOMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NM
IENvcnBvcmF0aW9uMSUwIwYDVQQDDBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAy
MDIyMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0KQJck9AiBJhPjUj
nu72dM8ve1g9zjwNECiQL5f3jEjYoNglsUywEUwXc1DQIkpju4HTKW7VtQk+Jhh/
shJ/k5i3r/A2v/LuGJ6cO1LFRxlddPNkZtVdx2i0vxscBqO8j0Ajth7GhL1RxBs5
wZXSKexLrnstvzn9tGLelntBxpyg4AZy+/AHlwk5gXSv9zRZEVcKwlvBJPQxczCC
xp26Avc+fERfgw3z8d0gaRYJUOLUVbbggHJ2bkxHt3VVWbRTdNmUxkGtWIoxZg8e
ohspQE4v33vmFiwt/L/s87T6vhj2m0nU7gVu2TTznPHsAYvRIMYPoLW8F05Ie1HC
/OlcaTdHZrNo+BUo8LnTpBXMWk+6UnCjEkXdxrpO+8LQ96hSJ21uebWM/HuMwRZM
7oB/vvB2vkFTEjOuWjhCq9cPPkGNdgcy1auJ9k5n2bFCdSNu881CsvxV9VOHFzvA
M1jxUtL5gKTw6PA7izjMpMaQfw+c/YvRo8/ag6dpyVA21VwF0gpBdNtjETfBpaCW
Sx6MFhJ3rpQ0ex5/wmYA5KqD6oqQrc42RE3RUem8H/NqBf3AdB8lGUBRbuqCUUDf
m7kIKgYC1SMcE9bp29vGsHrLeyeb++DVRiTtEEtjS6UFj7q4HSum+pHiklK97Otn
l22aLZ+BMgVnMvtICD/ZJbgEJS8CAwEAAaOCAVIwggFOMA8GA1UdEwEB/wQFMAMB
Af8wHwYDVR0jBBgwFoAU+WC71OPVNPa49QaAJadz20ZpqJ4wcgYIKwYBBQUHAQEE
ZjBkMEAGCCsGAQUFBzAChjRodHRwOi8vY2VydC5zc2wuY29tL1NTTGNvbS1Sb290
Q0EtRVYtUlNBLTQwOTYtUjIuY2VyMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcHMu
c3NsLmNvbTARBgNVHSAECjAIMAYGBFUdIAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmxzLnNzbC5jb20v
U1NMY29tLVJvb3RDQS1FVi1SU0EtNDA5Ni1SMi5jcmwwHQYDVR0OBBYEFPsuN+7j
hHonLs0ZNbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOC
AgEABww8/EJeCfUTd8APb/yA2G0SfcBZ6tmWD/+XuQwoI81XaDh9w56fSfDJoRjf
EFOjdkwyrQj2p/Rah9rfArC8S/DttURF0cWbLfxBdfNyomfO9QtEukNyRgtFYBai
wbf/r21fm5ieukFA3/5A0vRxTlVJyrvAEMI+hML/HaeB8bkvXX61qKsN8YyeuZB8
0nS0iwXiM+qzOgr7dtlCvjwZRC+DqbWQreoVyibnXM99sgrb5cgMNQbud7TEZwEZ
v+3Mf2Ld2oW38tivJbDAPtWvTovMN3qG5ch/UbGCbhYxZ+rBOKLgPUlBrjMkly8g
CzbEYozmo+WuoBDapkJN06qJmIPQNJDyYikK0QztZjRtdlHzHCQKaPifcs2HJ79p
IhZ6j1KfoMmEBMyIDZkj3oJ5aNpIDaN6FP95yBVwVrVXis6LmlxWsDsMDO8Xmusp
rY80h8OfUwQsRf/noJX9wBeQ3gEgPiZEWXYgd0WMmraJM2ultEcYgNVlYcYFTrZc
QxT7ULP/gopAUa1f/V4AJrxVvmHUfU02AnPoE2C9YprR77b9pSkBeyu1GAmLf24P
Jzmbxl0TGvfbPennBaBKOFYvaPLTDLZyRkxJRWbZFnfsVz+7a/+HyqOzBo0J5zGE
QPxsyeT4xKYKwjTrVyrIyFxfVyiWXZ7ZssN5cHqkX/3At4w=
-----END CERTIFICATE-----

@yhuang01
Copy link
Author

The following is RootCA.crt

-----BEGIN CERTIFICATE-----
MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNV
BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UE
CgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMB4XDTE3MDUzMTE4MTQzN1oXDTQy
MDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEQMA4G
A1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYDVQQD
DC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvq
M0fNTPl9fb69LT3w23jhhqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssuf
OePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7wcXHswxzpY6IXFJ3vG2fThVUCAtZJycxa
4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTOZw+oz12WGQvE43LrrdF9
HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+B6KjBSYR
aZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcA
b9ZhCBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQ
Gp8hLH94t2S42Oim9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQV
PWKchjgGAGYS5Fl2WlPAApiiECtoRHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMO
pgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+SlmJuwgUHfbSguPvuUCYHBBXtSu
UDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48+qvWBkofZ6aY
MBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa4
9QaAJadz20ZpqJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBW
s47LCp1Jjr+kxJG7ZhcFUZh1++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5
Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nxY/hoLVUE0fKNsKTPvDxeH3jnpaAg
cLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2GguDKBAdRUNf/ktUM
79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDzOFSz
/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXt
ll9ldDz7CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEm
Kf7GUmG6sXP/wwyc5WxqlD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKK
QbNmC1r7fSOl8hqw/96bg5Qu0T/fkreRrwU7ZcegbLHNYhLDkBvjJc40vG93drEQ
w/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooi
S9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07
mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
-----END CERTIFICATE-----

@yhuang01
Copy link
Author

yhuang01 commented Dec 2, 2024

It appears that this issue is related to #1548, which was fixed in 1.78. But it is not included in bc-fips-2.0.0 distribution.

@dghgit
Copy link
Contributor

dghgit commented Dec 15, 2024

Yes, unfortunately this showed up well after submission. It's fixed in the FIPS PQC update which we are working on now.

@dghgit dghgit self-assigned this Dec 15, 2024
@yhuang01
Copy link
Author

FIPS PQC update

Thank you for your response. Do you have an estimated timeline for the next BC-FIPS library release and its certification?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants