Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use custom OpenSSL engine - GOST TLS #76

Open
daskain opened this issue Feb 19, 2020 · 1 comment
Open

Use custom OpenSSL engine - GOST TLS #76

daskain opened this issue Feb 19, 2020 · 1 comment

Comments

@daskain
Copy link

daskain commented Feb 19, 2020

How can I use the GOST engine from the custom assembly OpenSSL

OpenSSL works great with this engine, as does curl. But when you try to use in Java - nothing comes out

For example, I declare
System.setProperty ("org.wildfly.openssl.path", "/usr/local/ssl/lib/");
In log:
2020-02-19 14: 19: 52.581 INFO 28673 --- [restartedMain] org.wildfly.openssl.SSL: WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.1d 10 Sep 2019

It's fine, but not work.
when trying to connect to the host, I get an error:

org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://{host}/api/v1/account/login": 
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure; nested exception is javax.net.ssl.SSLException: 
error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Block of code with details SSLContext


KeyStore trustedKeyStore = KeyStore.getInstance ("JKS");
trustedKeyStore.load (new FileInputStream ("/home/ubuntu/demo/trustStore"), "truststore" .toCharArray ());

TrustManagerFactory tmf = TrustManagerFactory.getInstance (TrustManagerFactory.getDefaultAlgorithm ());
tmf.init (trustedKeyStore);

SSLContext sslContext = SSLContext.getInstance ("openssl.TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
@heyuanliu-intel
Copy link

From the code perspective, you can take a look at this source file.
https://github.com/wildfly-security/wildfly-openssl-natives/blob/main/libwfssl/src/ssl.c

Line 537.

ssl_thread_setup();

/* TODO: engine support? */

So I think this library doesn't support custom engine now.

Could anyone add the support to custom engine ? We also need this feature now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants