In short, this (the s_server approach) works:

    ctx = SSL_CTX_new();
    SSL_CTX_set_tmp_rsa_callback(ctx, ...);
    SSL_CTX_use_certificate(ctx, ...);
    ssl = SSL_new(ctx);
    /* now ssl->cert contains the callbacks for the RSA temp key */

while this (the mod_ssl approach) fails:

    ctx = SSL_CTX_new();
    SSL_CTX_set_tmp_rsa_callback(ctx, ...);
    ssl = SSL_new(ctx);
    SSL_use_certificate(ssl, ...);
    /* now ssl->cert is a fresh one without the callbacks */

I haven't looked at the code in enough detail to know for sure,
but in case this helps.

As long as you are generating the 512 bit RSA key beforehand (like
mod_ssl does) or reading it out of a file during initialization
(code that has to be added to mod_ssl or ssl_apache), you can avoid
the callback stuff and just specify the 512 bit RSA key with
SSL_CTX_set_tmp_rsa().

-- Eric Norman
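
The ordering difference described in this message, as a small self-contained C model (an added example, not code from the message, mod_ssl or OpenSSL). All `model_*` names and the `inherit` flag are hypothetical, and the "fresh cert without the callbacks" behaviour is the message's hypothesis, assumed here rather than confirmed.

```c
#include <stdlib.h>

/* Hypothetical model types; these are NOT OpenSSL's structures. */
typedef int (*tmp_rsa_cb)(int keylength);
typedef struct { const char *x509; tmp_rsa_cb rsa_tmp_cb; } model_cert;
typedef struct { model_cert *default_cert; } model_ctx;
typedef struct { model_ctx *ctx; model_cert *cert; } model_ssl;

static int sample_cb(int keylength) { return keylength; } /* constructed stub */

model_ctx *model_ctx_new(void) {
    model_ctx *ctx = calloc(1, sizeof *ctx);
    ctx->default_cert = calloc(1, sizeof(model_cert));
    return ctx;
}
void model_ctx_set_tmp_rsa_callback(model_ctx *ctx, tmp_rsa_cb cb) {
    ctx->default_cert->rsa_tmp_cb = cb;
}
void model_ctx_use_certificate(model_ctx *ctx, const char *x509) {
    ctx->default_cert->x509 = x509;
}
/* Assumption: a new connection starts out sharing the context's cert. */
model_ssl *model_ssl_new(model_ctx *ctx) {
    model_ssl *ssl = calloc(1, sizeof *ssl);
    ssl->ctx = ctx;
    ssl->cert = ctx->default_cert;
    return ssl;
}
/* Per-connection certificate: the shared cert is swapped for a fresh one.
 * inherit == 0 models the failing case (callback lost);
 * inherit == 1 models one possible fix (callback carried over). */
void model_ssl_use_certificate(model_ssl *ssl, const char *x509, int inherit) {
    if (ssl->cert == ssl->ctx->default_cert) {
        model_cert *fresh = calloc(1, sizeof *fresh);
        if (inherit) fresh->rsa_tmp_cb = ssl->cert->rsa_tmp_cb;
        ssl->cert = fresh;
    }
    ssl->cert->x509 = x509;
}
/* Each function returns 1 if the connection can still reach the callback. */
int s_server_order(void) {
    model_ctx *ctx = model_ctx_new();
    model_ctx_set_tmp_rsa_callback(ctx, sample_cb);
    model_ctx_use_certificate(ctx, "server-cert");
    return model_ssl_new(ctx)->cert->rsa_tmp_cb != NULL;
}
int mod_ssl_order(int inherit) {
    model_ctx *ctx = model_ctx_new();
    model_ctx_set_tmp_rsa_callback(ctx, sample_cb);
    model_ssl *ssl = model_ssl_new(ctx);
    model_ssl_use_certificate(ssl, "vhost-cert", inherit);
    return ssl->cert->rsa_tmp_cb != NULL;
}
```

Allocations are not freed or checked, to keep the model short.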
