Using 0.9.9-dev (SNAP-20080417) I am able to create an EC CSR, and in turn, use it to create a X509 cert signed with an EC CA key. No problem. As long as the individual/device is capable of creating a CSR, it all works very nicely. Thank you.
My problem is that there are times when the individual or device is incapable of creating a CSR. The EC key pair has been generated and the private key is safely tucked away, but I still want a cert. Even though the public key is sent to the CA through a trusted process, I cannot use it to create a X509 cert. The routines that purport to accept a public key for inclusion into the cert will not accept an EC public key. RSA keys work fine; EC keys do not. (I've tried both openssl (the executable) and the library APIs from a C program.)
If it helps, here is a minimalist test program. BTW, making a CSR by loading the EC public key fails as well.
I know 0.9.9 is still in development so perhaps I'm being premature. Then again, perhaps I'm doing something stupid. If someone has a suggestion......