MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/security/cryptoservices/certificateandkeymgmt/testcertificates/openssl/readme.txt
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution. 
     1 The oscpResponder.pl script requires the ocsp responder to support DSA

     2 

     3 the following patch can be applied to openssl 0.9.7b or 0.9.7c:

     4 

     5 --- openssl-0.9.7b.ORIG/apps/ocsp.c	2003-03-26 02:47:06.000000000 +0200

     6 +++ openssl-0.9.7b/apps/ocsp.c	2004-02-22 16:11:18.000000000 +0200

     7 @@ -1115,7 +1115,16 @@

     8  

     9  	OCSP_copy_nonce(bs, req);

    10  		

    11 -	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);

    12 +	{

    13 +		/*in case of DSA keys we should use EVP_dss1()*/

    14 +		const EVP_MD *evp_md;

    15 +		/*

    16 +		 * - EVP_dss1 only or can be EVP_dss for some DSA keys ?

    17 +		 * - should we use method EVP_PKEY_type() ?

    18 +		 */

    19 +		evp_md = (rkey->type == EVP_PKEY_DSA) ? EVP_dss1() : EVP_sha1();

    20 +		OCSP_basic_sign(bs, rcert, rkey, evp_md, rother, flags);

    21 +	}

    22  

    23  	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);

    24
Symaptic