[strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips

Tobias Brunner tobias at strongswan.org
Tue Apr 2 18:50:48 CEST 2013

Hi Scot,

> Apr  2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied dependency: PUBKEY:ECDSA

It seems the openssl plugin was not built with ECDSA support.  Which is
strange if you used ipsec pki on the same host to create the ECDSA keys
and certificates.  The openssl plugin uses openssl/conf.h to detect
which features the OpenSSL library was built with.  Did you perhaps
build strongSwan before you reconfigured OpenSSL with ECC support?  Or
are perhaps the wrong OpenSSL header files used by strongSwan?  If so,
you might want to try adding -I/path/to/proper/openssl/headers to the
strongSwan CFLAGS.


More information about the Users mailing list