> On 12 Oct 2016 8:45 am, "Igor Cicimov" <ig...@encompasscorporation.com > <mailto:ig...@encompasscorporation.com>> wrote: > > > > On 11 Oct 2016 7:05 pm, "Thierry Fournier" <thierry.fourn...@ozon.io > > <mailto:thierry.fourn...@ozon.io>> wrote: > > > I'm currently trying to investigate about a little leak of memory in > > > the certificates loading, and I try to test ECDSA certificates and > > > cipher. > > > > > > I can't done this :( I don't understand anything in the ECDSA > > > certificate process. > > > > > > My test certificate is generated from a little chain where the root CA > > > is autosigned. So the root CA and the 2 intermediate are RSA > > > certificates. The ECDSA certificate is build with these commands: > > > > > > openssl ecparam -name secp521r1 -genkey -param_enc explicit -out \ > > > $CN.ecdsa.key > >
I ran into this as well and it turns out that s_client and s_server do not seem to play nicely with curves when using -param_enc explicit and instead prefer to only deal with named curves. Encode the key params using named curve that both sides can accept and your test should work. Also, see https://groups.google.com/forum/#!topic/mailing.openssl.users/Rg6yV4ccWeo <https://groups.google.com/forum/#!topic/mailing.openssl.users/Rg6yV4ccWeo> -Bryan
