I rebuilt strongswan with the CFLAGS you suggested and that resolved the issue we were seeing.
Thanks. Scot ________________________________________ From: Tobias Brunner [[email protected]] Sent: Tuesday, April 02, 2013 11:50 AM To: Scot Hutchinson Cc: [email protected] Subject: Re: [strongSwan] ECDSA failures with Strongswan 5.0.2 and openssl 1.0.1e-fips Hi Scot, > Apr 2 15:18:16 00[LIB] feature PUBKEY:ECDSA in 'pem' plugin has unsatisfied > dependency: PUBKEY:ECDSA It seems the openssl plugin was not built with ECDSA support. Which is strange if you used ipsec pki on the same host to create the ECDSA keys and certificates. The openssl plugin uses openssl/conf.h to detect which features the OpenSSL library was built with. Did you perhaps build strongSwan before you reconfigured OpenSSL with ECC support? Or are perhaps the wrong OpenSSL header files used by strongSwan? If so, you might want to try adding -I/path/to/proper/openssl/headers to the strongSwan CFLAGS. Regards, Tobias _______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
