Ralf S. Engelschall wrote:
> In short, this (the s_server approach) works:
>
> ctx = SSL_CTX_new();
> SSL_CTX_set_tmp_rsa_callback(ctx, ...);
> SSL_CTX_use_certificate(ctx, ...);
> ssl = SSL_new();
> /* now ssl->cert contains the callbacks for the RSA temp key */
>
> while this (the mod_ssl approach) fails:
>
> ctx = SSL_CTX_new();
> SSL_CTX_set_tmp_rsa_callback(ctx, ...);
> ssl = SSL_new();
> SSL_use_certificate(ctx, ...);

Surely this is:

SSL_use_certificate(ssl,...);

and there's the point - if you want to use the cert from the context,
then don't set one on the session. If you set one on the session, it's
_wrong_ to copy the temp key from the context.

What you really want is the corresponding tmp_{rsa,dh} functions, i.e.:

void SSL_set_tmp_rsa(SSL *ssl,RSA *rsa);

and so on.

Then your code would be....

ctx = SSL_CTX_new();
ssl = SSL_new();
SSL_use_certificate(ssl, ...);
SSL_set_tmp_rsa_callback(ssl, ...);

Cheers,

Ben.
--
http://www.apache-ssl.org/ben.html
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
- Indira Gandhi
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
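
Added example, not part of the original message and not OpenSSL source: a small self-contained C model of the three call orders discussed in the thread, showing which of them leave a temp RSA callback on the session. All model_* names are hypothetical, and the rule that a per-session certificate starts a fresh certificate state is an assumption taken from the behaviour described above.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*tmp_rsa_cb)(int keylen);   /* stand-in for the real callback type */
typedef struct { const char *certificate; tmp_rsa_cb rsa_tmp_cb; } model_cert;
typedef struct { model_cert cert; } model_ctx;
typedef struct { model_ctx *ctx; model_cert cert; } model_ssl;

static int demo_cb(int keylen) { return keylen; }   /* constructed sample callback */

static void model_ctx_set_tmp_rsa_callback(model_ctx *c, tmp_rsa_cb cb) { c->cert.rsa_tmp_cb = cb; }
static void model_ctx_use_certificate(model_ctx *c, const char *crt) { c->cert.certificate = crt; }
/* Session creation takes over whatever certificate state the context holds. */
static model_ssl model_ssl_new(model_ctx *c) { model_ssl s = { c, c->cert }; return s; }
/* Assumption: a per-session certificate begins a fresh state, nothing is copied from ctx. */
static void model_ssl_use_certificate(model_ssl *s, const char *crt) {
    model_cert fresh = { crt, NULL };
    s->cert = fresh;
}
static void model_ssl_set_tmp_rsa_callback(model_ssl *s, tmp_rsa_cb cb) { s->cert.rsa_tmp_cb = cb; }

/* Order 1: certificate and callback both on the context, then create the session. */
int has_cb_sserver_order(void) {
    model_ctx ctx = { { NULL, NULL } };
    model_ctx_set_tmp_rsa_callback(&ctx, demo_cb);
    model_ctx_use_certificate(&ctx, "ctx-cert");
    model_ssl s = model_ssl_new(&ctx);
    return s.cert.rsa_tmp_cb != NULL;
}
/* Order 2: callback on the context, certificate on the session. */
int has_cb_modssl_order(void) {
    model_ctx ctx = { { NULL, NULL } };
    model_ctx_set_tmp_rsa_callback(&ctx, demo_cb);
    model_ssl s = model_ssl_new(&ctx);
    model_ssl_use_certificate(&s, "session-cert");
    return s.cert.rsa_tmp_cb != NULL;
}
/* Order 3: certificate and callback both on the session. */
int has_cb_session_level(void) {
    model_ctx ctx = { { NULL, NULL } };
    model_ssl s = model_ssl_new(&ctx);
    model_ssl_use_certificate(&s, "session-cert");
    model_ssl_set_tmp_rsa_callback(&s, demo_cb);
    return s.cert.rsa_tmp_cb != NULL;
}
int main(void) {
    printf("context-level cert + callback: %d\n", has_cb_sserver_order());
    printf("context callback, session cert: %d\n", has_cb_modssl_order());
    printf("session-level cert + callback: %d\n", has_cb_session_level());
    return 0;
}
```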