[openssl.org #2323] bug in openssl commandline tool with md5 fingerprint output

2010-08-20 Thread Guenter via RT
Hi,
while hacking on a script where I use the openssl commandline tool for 
processing PEM certs I found that surprisingly the md5 fingerprint output 
always goes to stdout instead of using the -out stream, f.e. when using:
openssl x509 -md5 -fingerprint -text -inform PEM -in tmpin.crt -out tmpout.crt
the md5 fingerprint output goes to stdout while the whole rest of output 
goes into tmpout.crt as expected ...
is this now intended behaviour, or just an oversight? If the latter I 
would look into the sources for fixing it ...
tested versions:
OpenSSL 0.9.8o 01 Jun 2010
OpenSSL 1.0.0a 1 Jun 2010

regards, Günter.


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org
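
Added example (not part of the original report and not OpenSSL project code): shell functions that run the command from the report with stdout and the -out file kept apart, then say which of the two received the fingerprint line. The function names and temporary file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find out which stream carries the x509 fingerprint line.

# fingerprint_stream STDOUT_CAPTURE OUT_FILE
# Prints one of: stdout, outfile, both, none.
fingerprint_stream() {
    in_stdout=no
    in_file=no
    # x509 prints the digest as "<ALG> Fingerprint=AA:BB:..."
    grep -q 'Fingerprint=' "$1" 2>/dev/null && in_stdout=yes
    grep -q 'Fingerprint=' "$2" 2>/dev/null && in_file=yes
    case "$in_stdout/$in_file" in
        yes/no)  echo stdout ;;
        no/yes)  echo outfile ;;
        yes/yes) echo both ;;
        *)       echo none ;;
    esac
}

# check_cert CERT.pem
# Runs the command from the report, capturing stdout separately from the
# -out file, and reports where the fingerprint landed on this build.
check_cert() {
    tmpdir=$(mktemp -d) || return 1
    openssl x509 -md5 -fingerprint -text -inform PEM -in "$1" \
        -out "$tmpdir/out.txt" > "$tmpdir/stdout.txt" 2>/dev/null
    rc=$?
    if [ "$rc" -eq 0 ]; then
        fingerprint_stream "$tmpdir/stdout.txt" "$tmpdir/out.txt"
    fi
    rm -rf "$tmpdir"
    return "$rc"
}

# cert_fingerprint CERT.pem
# Stream-independent way for a script to read the value: with -noout and
# no -out option the fingerprint is the only output and goes to stdout.
cert_fingerprint() {
    openssl x509 -noout -md5 -fingerprint -inform PEM -in "$1" |
        sed 's/^[^=]*=//'
}

# Run the check only when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```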


Client Authentication using EC certificates

2010-08-20 Thread Alex Birkett
Hi,

There is a comment (starting on line 2169 of s3_clnt.c openssl-0.9.8o) that
states:

/* XXX: For now, we do not support client
 * authentication using ECDH certificates.
 * To add such support, one needs to add
 * code that checks for appropriate
 * conditions and sets ecdh_clnt_cert to 1.
 * For example, the cert have an ECC
 * key on the same curve as the server's
 * and the key should be authorized for
 * key agreement.
 *
 * One also needs to add code in ssl3_connect
 * to skip sending the certificate verify
 * message.
 *
 * if ((s->cert->key->privatekey != NULL) &&
 *     (s->cert->key->privatekey->type ==
 *      EVP_PKEY_EC) && ...)
 * ecdh_clnt_cert = 1;
 */

So authentication using an EC certificate is not currently supported by
OpenSSL? Are there any plans to add support?

Many Thanks,

Kind Regards,

-- 
Alex Birkett

mBricks AS

Fornebuveien 31, P.O. Box 69
NO-1324 Lysaker, NORWAY

www.mbricks.no

Follow us on Twitter: www.twitter.com/mBricksTeam