os/security/cryptoservices/certificateandkeymgmt/testcertificates/openssl/readme.txt
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
The oscpResponder.pl script requires the OCSP responder to be able to sign responses with a DSA key.
The following patch adds that support and can be applied to OpenSSL 0.9.7b or 0.9.7c:
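--- openssl-0.9.7b.ORIG/apps/ocsp.c	2003-03-26 02:47:06.000000000 +0200
+++ openssl-0.9.7b/apps/ocsp.c	2004-02-22 16:11:18.000000000 +0200
@@ -1115,7 +1115,16 @@
 
 	OCSP_copy_nonce(bs, req);
 		
-	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+	{
+		/*in case of DSA keys we should use EVP_dss1()*/
+		const EVP_MD *evp_md;
+		/*
+		 * - EVP_dss1 only or can be EVP_dss for some DSA keys ?
+		 * - should we use method EVP_PKEY_type() ?
+		 */
+		evp_md = (rkey->type == EVP_PKEY_DSA) ? EVP_dss1() : EVP_sha1();
+		OCSP_basic_sign(bs, rcert, rkey, evp_md, rother, flags);
+	}
 
 	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);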
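Review bot: The return value of `OCSP_basic_sign()` on the last added line is discarded, so a signing failure (for instance a digest that does not match the key type) still reaches `OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs)` with an unsigned `bs`. Testing it with `if (!OCSP_basic_sign(bs, rcert, rkey, evp_md, rother, flags))` and taking the function's error path would make the responder fail closed; that error path lies outside this hunk, so its exact form cannot be confirmed from here. The question left open in the added comment can be settled with `EVP_PKEY_type(rkey->type) == EVP_PKEY_DSA`, which normalises the alternative DSA key type ids instead of matching only the one literal value. Both branches select a SHA-1 based digest, so this build fits the test-certificate setup the readme describes rather than serving as a template for a production responder.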