[strongSwan] Integration with openssl-fips

Albert Dabrowski albert.dabrowski at gmail.com
Mon Feb 11 15:44:16 CET 2013


Hi,

Env: strongswan 4.6.4, openssl with fips 2.0 module with ECC
Problem: Configured strongswan with option --enable-openssl. Before that I
built also openssl to use fips module, anyway after installation it is seen
as a second openssl in RHEL system. Anyway the generated ECC private keys
are not recognized by strongswan.
Message in charon logs seen:

"building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders"
Seems for me like it uses a wrong openssl as this file with ec keys are not
recognized.

Could anyone give me some hint what could be a problem? I also tried with
RSA and everything worked fine.
Would be that openssl plugin is not correctly configured in strongswan?
Anyway didn't find any useful configuration for this plugin.

Regards,
Albert
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20130211/37c8de80/attachment.html>


More information about the Users mailing list