From: Selva Nair <selva.n...@gmail.com>

Hi,

For now this is only for openssl 1.1.0+. With some ifdefs and compat functions
it could be backported to 1.0.2.

For 1.0.1, hacks like duplicating the internal ECDSA_METHOD struct or linking
to internal headers appear to be required. Not interesting unless there is a
strong demand.

For mbedtls I've no idea how to hook into the ecdsa signing methods.

Tested on linux/openssl-1.1.0g by manually passing the signature to
management, with signature generated on command line by
'echo $rsa_sig_cut_n_paste | base64 -d | openssl pkeyutl -inkey keyfile | 
base64'

Doing something similar for cryptoapicert is in the works (actually that was the
objective, but this was obviously easier to test, lather, rinse)

Selva

Selva Nair (3):
  Refactor ssl_openssl.c in prep for external EC key support
  Allow external EC key through --management-external-key
  Document management request >ECDSA_SIGN and response ecdsa-sig

 doc/management-notes.txt  |  30 ++++++
 src/openvpn/manage.c      |  30 ++++++
 src/openvpn/manage.h      |   3 +
 src/openvpn/ssl_openssl.c | 234 +++++++++++++++++++++++++++++++++++++++++-----
 4 files changed, 273 insertions(+), 24 deletions(-)

-- 
2.1.4


_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
