I've now put together a blog entry about how I rebuilt OpenWRT with ECC enabled for OpenSSL and strongSwan:
http://danielpocock.com/openwrt-openssl-strongswan-ecc-ecdsa On 05/07/13 10:07, Daniel Pocock wrote: > > I'm seeing the same problem using the strongSwan binary packages for OpenWRT > > E.g. trying to examine an ECDSA cert: > > # ipsec pki -a --type ecdsa-priv --in wrt1Key.der > building CRED_PRIVATE_KEY - ECDSA failed, tried 2 builders > parsing input failed > > I'm using the 5.0.0-1 package - would somebody be able to rebuild the > package with ECDSA support enabled? > > > > > On 04/04/13 17:00, Scot Hutchinson wrote: >> I rebuilt strongswan with the CFLAGS you suggested and that resolved the >> issue we were seeing. >> >> Thanks. >> Scot >> >> ________________________________________ >> From: Tobias Brunner [[email protected]] >> Sent: Tuesday, April 02, 2013 11:50 AM >> To: Scot Hutchinson >> Cc: [email protected] >> Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl >> 1.0.1e-fips >> >> Hi Scot, >> >>> Apr 2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has >>> unsatisfied dependency: PUBKEY:ECDSA >> It seems the openssl plugin was not built with ECDSA support. Which is >> strange if you used ipsec pki on the same host to create the ECDSA keys >> and certificates. The openssl plugin uses openssl/conf.h to detect >> which features the OpenSSL library was built with. Did you perhaps >> build strongSwan before you reconfigured OpenSSL with ECC support? Or >> are perhaps the wrong OpenSSL header files used by strongSwan? If so, >> you might want to try adding -I/path/to/proper/openssl/headers to the >> strongSwan CFLAGS. >> >> Regards, >> Tobias >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> https://lists.strongswan.org/mailman/listinfo/users > _______________________________________________ > openwrt-users mailing list > [email protected] > https://lists.openwrt.org/mailman/listinfo/openwrt-users _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-users
