JiriOndrusek
JiriOndrusek
Native failure has to be investigated further, reported as https://github.com/apache/camel-quarkus/issues/5486
All certficates and keystores have to be generated via openssl to work correctly in the FIPS, therefore I removed the keytool-plugin and added a description, how to generate certificates. I...
Sorry I forgot to remove it on all places. It shouldn'tbe there
> > For the FIPS-enabled environment, the profile `fips` has to be used. The reason is that the `BC-FIPS` is used instead of the `BC` > > The `fips` Maven...
> Great work, thanks for taking care, @JiriOndrusek! > > > All certficates and keystores have to be generated via openssl > > Do you happen to know what aspect...
> It looks good. > > So we configure openssl with the `.cnf` configuration file. Is it need for fips purpose ? Or something else please ? TBH I'm using...
There are 2 open issues: - problem in the native (reported as https://github.com/apache/camel-quarkus/issues/5486) I'll investigate it . - the option of not using BCFIPS in FIPS and use only SunPKCS11-NSS-FIPS...
> > > Do you happen to know what aspect of the generated keystore is not FIPS-compliant with keytool-maven-plugin? At the first sight, the plugin mojos seem to support all...
This PR is using BCFIPS, which is not the right call anymore. Once the following [change](https://github.com/apache/cxf/pull/1660) is merged into cxf and leveraged by the CQ, this PR should be reworked.
Superseeded by https://github.com/apache/camel-quarkus/pull/5980