0002822: Support DSA (or DSA+RSA) certificates/keyfiles

ID	Project	Category	View Status	Date Submitted	Last Update

0002822	unreal	ircd	public	2006-02-15 12:57	2007-05-17 07:26

Reporter	ultraviolet	Assigned To	~~stskeeps~~
Priority	normal	Severity	feature	Reproducibility	always
Status	resolved	Resolution	fixed
Platform	i386	OS	FreeBSD	OS Version	6.0-p4
Product Version	3.2.4
Fixed in Version	3.3-alpha0

Summary	0002822: Support DSA (or DSA+RSA) certificates/keyfiles
Description	I recently setup some DSA keys instead of the usual RSA keys on a newly installed FreeBSD machine. The DSA keys refused to work and the SSL port wouldn't send anything out when you connected to it. I repeated this on 3.2.3 aswell, since I tried the ports install. I compiled in SSL, zlib.
Steps To Reproduce	Set yourself up as a CA. openssl dsaparam -out /tmp/dsaparam -genkey 2048 openssl gendsa -out /tmp/dsa.key /tmp/dsaparam openssl req -config /home/ultraviolet/CA/cnf/openssl.cnf -new -key /tmp/dsa.key -out /tmp/dsa.csr openssl ca -config /home/ultraviolet/CA/cnf/openssl.cnf -in /tmp/dsa.csr -keyfile /home/ultraviolet/CA/keys/ca.key -cert /home/ultraviolet/CA/certs/ca.crt -out /tmp/dsa.crt And use the dsa.(crt\|key) files.
Tags	No tags attached.

3rd party modules

djGrrr 2006-02-16 19:25 reporter ~0011255	i'm sure it says somewhere that unreal only supports RSA keys

syzop 2006-05-30 06:14 administrator ~0011798	Retagged from major to feature, renamed to 'Support DSA (or DSA+RSA) certificates/keyfiles'

~~stskeeps~~ 2006-08-02 15:39 reporter ~0012113	is this getting done still? :P

syzop 2006-08-02 18:00 administrator ~0012121	I'm keeping it in the bugtracker and not rejecting it, if that's what you mean. No you won't get an ETA.. at all.. :P.

~~stskeeps~~ 2007-05-13 12:52 reporter ~0014118	For takers: DHparams are needed it seems: SSL_CTX_set_tmp_dh() to enable the DH cipher suites - loading DH parameters.. Seems like it is the only thing needed to implement DSA connections.

~~stskeeps~~ 2007-05-17 07:25 reporter ~0014154	Implemented in .2407, with PEM files - please check if this works.

Date Modified	Username	Field	Change
2006-02-15 12:57	ultraviolet	New Issue
2006-02-16 19:25	djGrrr	Note Added: 0011255
2006-05-30 06:14	syzop	Note Added: 0011798
2006-05-30 06:14	syzop	Severity	major => feature
2006-05-30 06:14	syzop	Summary	DSA keys prevent SSL ports from working. => Support DSA (or DSA+RSA) certificates/keyfiles
2006-08-02 15:39	~~stskeeps~~	Note Added: 0012113
2006-08-02 18:00	syzop	Note Added: 0012121
2007-04-19 04:50	~~stskeeps~~	Status	new => acknowledged
2007-05-13 12:52	~~stskeeps~~	Note Added: 0014118
2007-05-17 07:25	~~stskeeps~~	Status	acknowledged => resolved
2007-05-17 07:25	~~stskeeps~~	Fixed in Version	=> 3.3-alpha0
2007-05-17 07:25	~~stskeeps~~	Resolution	open => fixed
2007-05-17 07:25	~~stskeeps~~	Assigned To	=> stskeeps
2007-05-17 07:25	~~stskeeps~~	Note Added: 0014154