Hi,

I was going through the openssl server code.
I have some doubt regarding loading of certificate and
key pair.

As I have seen, the certificate structure has an array
of "pkeys" of type CERT_PKEY,
i.e. CERT_PKEY pkeys[SSL_PKEY_NUM];

This means that we can load multiple types of
certificate/key pair for a single server. But in the
current implementation (i.e. openssl-0.9.6a) I have
found that at no point of time am I able to load a
pair for index
SSL_PKEY_RSA_SIGN, SSL_PKEY_DH_RSA and
SSL_PKEY_DH_DSA.

Because it extracts the public key from the certificate
and at the time of extraction checks that the key type
can only be EVP_PKEY_RSA or EVP_PKEY_DSA; if the
public/private key type is other than these, then it
is an error.

And assignment for the index SSL_PKEY_DH_RSA is done
only if the key type is EVP_PKEY_DH and the sig_alg
algorithm is RSA, and for SSL_PKEY_DH_DSA if the key type
is EVP_PKEY_DH and the sig_alg algorithm is DSA.

So at no point of time can you have a cert/key pair as
SSL_PKEY_DH_RSA/SSL_PKEY_DH_DSA. So could you clarify at
what point I will be able to load a value at this
index?

Because at one place, i.e. at ssl_get_cert_mask, it
checks for this index and sets the mask appropriately, and the
comment says
/* DH cert RSA CA cert */ or /* DH cert and DSA CA
cert */.
So when will this happen?

Regards
Ritesh
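
The reachability argument in the message above, as an added model in C. It is not OpenSSL's code and not part of the original message: the enum names and values are constructed stand-ins for the constants the message names, and the RSA and DSA slot mapping is an assumption.

```c
#include <stdio.h>

/* Constructed stand-ins for the constants named in the message; the numeric
 * values are arbitrary and are not the ones in the OpenSSL headers. */
enum key_type { KEY_RSA, KEY_DSA, KEY_DH, KEY_COUNT };
enum sig_alg  { SIG_RSA, SIG_DSA, SIG_COUNT };
enum slot { SLOT_NONE = -1, SLOT_RSA_ENC, SLOT_RSA_SIGN, SLOT_DSA_SIGN,
            SLOT_DH_RSA, SLOT_DH_DSA, SLOT_COUNT };

/* Loader check as described: only RSA and DSA public keys are accepted. */
static int loader_accepts(enum key_type key)
{
    return key == KEY_RSA || key == KEY_DSA;
}

/* Slot selection as described: a DH key goes to DH_RSA or DH_DSA by the
 * certificate's signature algorithm. RSA and DSA rows are an assumption. */
static int slot_for(enum key_type key, enum sig_alg sig)
{
    if (key == KEY_RSA) return SLOT_RSA_ENC;
    if (key == KEY_DSA) return SLOT_DSA_SIGN;
    if (key == KEY_DH)  return sig == SIG_RSA ? SLOT_DH_RSA : SLOT_DH_DSA;
    return SLOT_NONE;
}

/* Bitmask of slots that at least one (key type, signature) pair can fill. */
static unsigned reachable_slots(int apply_loader_check)
{
    unsigned mask = 0;
    for (int k = 0; k < KEY_COUNT; k++)
        for (int s = 0; s < SIG_COUNT; s++) {
            int slot = slot_for((enum key_type)k, (enum sig_alg)s);
            if (slot != SLOT_NONE &&
                (!apply_loader_check || loader_accepts((enum key_type)k)))
                mask |= 1u << slot;
        }
    return mask;
}

int main(void)
{
    static const char *names[SLOT_COUNT] = { "SSL_PKEY_RSA_ENC",
        "SSL_PKEY_RSA_SIGN", "SSL_PKEY_DSA_SIGN", "SSL_PKEY_DH_RSA", "SSL_PKEY_DH_DSA" };
    unsigned alone = reachable_slots(0), gated = reachable_slots(1);
    for (int i = 0; i < SLOT_COUNT; i++)
        printf("%-18s selection only: %-3s  after loader check: %s\n", names[i],
               (alone >> i) & 1 ? "yes" : "no", (gated >> i) & 1 ? "yes" : "no");
    return 0;
}
```

With the loader check applied, only the RSA_ENC and DSA_SIGN slots are reachable in this model, which is the gap the message asks about.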

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
