[strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips

Daniel Pocock daniel at pocock.com.au
Fri Jul 5 10:07:25 CEST 2013



I'm seeing the same problem using the strongSwan binary packages for OpenWRT.

E.g. trying to examine an ECDSA cert:

# ipsec pki -a --type ecdsa-priv  --in wrt1Key.der
building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders
parsing input failed

I'm using the 5.0.0-1 package - would somebody be able to rebuild the
package with ECDSA support enabled?




On 04/04/13 17:00, Scot Hutchinson wrote:
> I rebuilt strongswan with the CFLAGS you suggested and that resolved the issue we were seeing.
>
> Thanks.
> Scot
>
> ________________________________________
> From: Tobias Brunner [tobias at strongswan.org]
> Sent: Tuesday, April 02, 2013 11:50 AM
> To: Scot Hutchinson
> Cc: users at lists.strongswan.org
> Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips
>
> Hi Scot,
>
>> Apr  2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied dependency: PUBKEY:ECDSA
> It seems the openssl plugin was not built with ECDSA support.  Which is
> strange if you used ipsec pki on the same host to create the ECDSA keys
> and certificates.  The openssl plugin uses openssl/conf.h to detect
> which features the OpenSSL library was built with.  Did you perhaps
> build strongSwan before you reconfigured OpenSSL with ECC support?  Or
> are perhaps the wrong OpenSSL header files used by strongSwan?  If so,
> you might want to try adding -I/path/to/proper/openssl/headers to the
> strongSwan CFLAGS.
>
> Regards,
> Tobias
>
>

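One way to check the header explanation in the quoted reply before rebuilding, as an added example that is not from the thread or from strongSwan. It assumes the feature macros are defined in `openssl/opensslconf*.h` under the include directory and are named `OPENSSL_NO_EC`, `OPENSSL_NO_ECDSA` and `OPENSSL_NO_ECDH`; the function name `ec_header_status` is made up here.

```shell
#!/bin/sh
# Added example (not strongSwan code): report whether the OpenSSL headers
# under an include directory were configured without elliptic-curve support.
# Assumptions: the macros live in openssl/opensslconf*.h (some distributions
# split the file per architecture) and are named OPENSSL_NO_EC/ECDSA/ECDH.
# This is a textual scan; it does not evaluate preprocessor conditionals.

# ec_header_status INCLUDE_DIR
# Prints one of:
#   missing                     no openssl/opensslconf*.h under INCLUDE_DIR
#   enabled                     no EC-disabling macro is defined
#   disabled: MACRO [MACRO...]  the listed macros are defined
# Returns 0 for enabled, 1 for disabled, 2 for missing.
ec_header_status() {
    found=0
    macros=""
    for f in "$1"/openssl/opensslconf*.h; do
        [ -f "$f" ] || continue          # an unmatched glob stays literal
        found=1
        # The trailing boundary keeps OPENSSL_NO_EC_NISTP_64_GCC_128 and
        # OPENSSL_NO_EC2M from being mistaken for OPENSSL_NO_EC.
        hits=$(grep -oE '^[[:space:]]*#[[:space:]]*define[[:space:]]+OPENSSL_NO_(EC|ECDSA|ECDH)([[:space:]]|$)' "$f" |
               grep -oE 'OPENSSL_NO_[A-Z]+' || true)
        macros="$macros $hits"
    done
    if [ "$found" -ne 1 ]; then
        echo missing
        return 2
    fi
    # Deduplicate and join on single spaces (word splitting is intended).
    macros=$(printf '%s\n' $macros | LC_ALL=C sort -u | xargs)
    if [ -n "$macros" ]; then
        echo "disabled: $macros"
        return 1
    fi
    echo enabled
}

# Stand-alone use: pass the include directory the build actually uses,
# i.e. the directory you would give to -I in the strongSwan CFLAGS.
if [ $# -gt 0 ]; then
    ec_header_status "$1"
fi
```

Run it against each candidate include directory; a `disabled` result for the directory the build picks up matches the situation described in the reply.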



