Hello,

Just a follow-up to the list.  I did get things working by building 
another version of OpenSSL on my system.  I started with 
0.9.8e-fips-rhel5, which has no support for ECC.  I built 1.0.0a, with 
the configure options of "configure shared".

I then built the OpenCA OCSP daemon after rebuilding my library cache 
and using:

./configure --with-openssl-prefix=/path/to/ssl

I also ran into a problem using sha384, where the "md" setting currently 
applies to the signing of the responses, but also alters the generation 
of the issuerNameHash and issuerKeyHash.  This was fixed by altering the 
code a bit, and I sent the patch to Max.  I have also posted it on my 
web site.  Hope this helps the next person along...

Thanks!

On 08/03/2010 02:43 PM, Massimiliano Pala wrote:
> Hello Todd,
>
> no.. the topic has not been covered at all! Actually, you are the first
> one that is attempting to use the OCSP with EC certificates. Here's a
> list of the things you might want to check:
> - The version of OpenSSL you linked the OCSPD against supports ECDSA
> - CRL is correctly signed by the CA
> - Check that at runtime the OCSPD uses the correct OpenSSL libs (try
> using `ldd PATH/sbin/ocspd`)
>
> Let me know the results!
>
> Cheers,
> Max
>
-- 


Regards,

Todd E. Johnson
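
The hash mismatch described in the message above, as an added example that is not part of the original post or the OpenCA OCSPD code: an OCSP CertID carries its own hashAlgorithm for issuerNameHash and issuerKeyHash, separate from the digest used to sign the response. The issuer bytes, serial numbers, status table and function names below are constructed for illustration.

```python
import hashlib

# Constructed sample inputs (not taken from the thread).
ISSUER_NAME_DER = bytes.fromhex("3010310e300c06035504030c054543204341")  # CN=EC CA
# issuerKeyHash covers the public key BIT STRING contents; placeholder, not a real key.
ISSUER_KEY_BITS = b"\x04" + bytes(range(64))
STATUSES = {0x1001: "good", 0x1002: "revoked"}  # constructed serial -> status


def cert_id(hash_name, serial):
    """Build CertID fields: (hashAlgorithm, issuerNameHash, issuerKeyHash, serial)."""
    name_hash = hashlib.new(hash_name, ISSUER_NAME_DER).digest()
    key_hash = hashlib.new(hash_name, ISSUER_KEY_BITS).digest()
    return (hash_name, name_hash, key_hash, serial)


def lookup(request_id, statuses, signing_md, use_request_alg):
    """Return the status for a request CertID, or "unknown" if issuer hashes differ.

    use_request_alg=False models the behaviour described in the post (issuer
    hashes derived from the response-signing digest); True derives them from
    the hashAlgorithm named in the request's CertID.
    """
    hash_name, name_hash, key_hash, serial = request_id
    alg = hash_name if use_request_alg else signing_md
    _, my_name_hash, my_key_hash, _ = cert_id(alg, serial)
    if (name_hash, key_hash) != (my_name_hash, my_key_hash):
        return "unknown"  # responder does not recognise the issuer
    return statuses.get(serial, "unknown")


if __name__ == "__main__":
    # A client that builds its CertID with SHA-1, responder signing with sha384.
    request = cert_id("sha1", 0x1001)
    print("md reused for CertID :", lookup(request, STATUSES, "sha384", False))
    print("request's own hashAlg:", lookup(request, STATUSES, "sha384", True))
```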
