I'm seeing the same problem using the strongSwan binary packages for OpenWRT
E.g. trying to examine an ECDSA cert: # ipsec pki -a --type ecdsa-priv --in wrt1Key.der building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders parsing input failed I'm using the 5.0.0-1 package - would somebody be able to rebuild the package with ECDSA support enabled? On 04/04/13 17:00, Scot Hutchinson wrote: > I rebuilt strongswan with the CFLAGS you suggested and that resolved the > issue we were seeing. > > Thanks. > Scot > > ________________________________________ > From: Tobias Brunner [[email protected]] > Sent: Tuesday, April 02, 2013 11:50 AM > To: Scot Hutchinson > Cc: [email protected] > Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl > 1.0.1e-fips > > Hi Scot, > >> Apr 2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied >> dependency: PUBKEY:ECDSA > It seems the openssl plugin was not built with ECDSA support. Which is > strange if you used ipsec pki on the same host to create the ECDSA keys > and certificates. The openssl plugin uses openssl/conf.h to detect > which features the OpenSSL library was built with. Did you perhaps > build strongSwan before you reconfigured OpenSSL with ECC support? Or > are perhaps the wrong OpenSSL header files used by strongSwan? If so, > you might want to try adding -I/path/to/proper/openssl/headers to the > strongSwan CFLAGS. > > Regards, > Tobias > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.strongswan.org/mailman/listinfo/users _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
