Mercurial Mercurial > oss > MCL > sf > os > security / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
cryptoservices/certificateandkeymgmt/testcertificates/openssl/readme.txt
author Santosh V Patil <santosh.v.patil@nokia.com>
Tue, 29 Sep 2009 16:08:12 +0530
changeset 6 50f2ff6984be
parent 0 2c201484c85f
child 8 35751d3474b7
permissions -rw-r--r--
Fix for Bug 383 (Wrong license text in security package)

The oscpResponder.pl script requires the ocsp responder to support DSA

the following patch can be applied to openssl 0.9.7b or 0.9.7c:

--- openssl-0.9.7b.ORIG/apps/ocsp.c	2003-03-26 02:47:06.000000000 +0200
+++ openssl-0.9.7b/apps/ocsp.c	2004-02-22 16:11:18.000000000 +0200
@@ -1115,7 +1115,16 @@
 
 	OCSP_copy_nonce(bs, req);
 		
-	OCSP_basic_sign(bs, rcert, rkey, EVP_sha1(), rother, flags);
+	{
+		/*in case of DSA keys we should use EVP_dss1()*/
+		const EVP_MD *evp_md;
+		/*
+		 * - EVP_dss1 only or can be EVP_dss for some DSA keys ?
+		 * - should we use method EVP_PKEY_type() ?
+		 */
+		evp_md = (rkey->type == EVP_PKEY_DSA) ? EVP_dss1() : EVP_sha1();
+		OCSP_basic_sign(bs, rcert, rkey, evp_md, rother, flags);
+	}
 
 	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
MCL/sf/os/security