[strongSwan] [OpenWrt-Users] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips

Daniel Pocock daniel at pocock.com.au
Tue Jul 9 14:12:21 CEST 2013



I've now put together a blog entry about how I rebuilt OpenWRT with ECC
enabled for OpenSSL and strongSwan:

http://danielpocock.com/openwrt-openssl-strongswan-ecc-ecdsa



On 05/07/13 10:07, Daniel Pocock wrote:
>
> I'm seeing the same problem using the strongSwan binary packages for OpenWRT
>
> E.g. trying to examine an ECDSA cert:
>
> # ipsec pki -a --type ecdsa-priv  --in wrt1Key.der
> building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders
> parsing input failed
>
> I'm using the 5.0.0-1 package - would somebody be able to rebuild the
> package with ECDSA support enabled?
>
>
>
>
> On 04/04/13 17:00, Scot Hutchinson wrote:
>> I rebuilt strongswan with the CFLAGS you suggested and that resolved the issue we were seeing.
>>
>> Thanks.
>> Scot
>>
>> ________________________________________
>> From: Tobias Brunner [tobias at strongswan.org]
>> Sent: Tuesday, April 02, 2013 11:50 AM
>> To: Scot Hutchinson
>> Cc: users at lists.strongswan.org
>> Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips
>>
>> Hi Scot,
>>
>>> Apr  2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied dependency: PUBKEY:ECDSA
>> It seems the openssl plugin was not built with ECDSA support.  Which is
>> strange if you used ipsec pki on the same host to create the ECDSA keys
>> and certificates.  The openssl plugin uses openssl/conf.h to detect
>> which features the OpenSSL library was built with.  Did you perhaps
>> build strongSwan before you reconfigured OpenSSL with ECC support?  Or
>> are perhaps the wrong OpenSSL header files used by strongSwan?  If so,
>> you might want to try adding -I/path/to/proper/openssl/headers to the
>> strongSwan CFLAGS.
>>
>> Regards,
>> Tobias
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
> _______________________________________________
> openwrt-users mailing list
> openwrt-users at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-users





More information about the Users mailing list