Hi,

There is a comment (starting on line 2169 of s3_clnt.c openssl-0.9.8o) that states:

    /* XXX: For now, we do not support client
     * authentication using ECDH certificates.
     * To add such support, one needs to add
     * code that checks for appropriate
     * conditions and sets ecdh_clnt_cert to 1.
     * For example, the cert have an ECC
     * key on the same curve as the server's
     * and the key should be authorized for
     * key agreement.
     *
     * One also needs to add code in ssl3_connect
     * to skip sending the certificate verify
     * message.
     *
     * if ((s->cert->key->privatekey != NULL) &&
     *     (s->cert->key->privatekey->type ==
     *      EVP_PKEY_EC) && ...)
     *     ecdh_clnt_cert = 1;
     */

So authentication using an EC certificate is not currently supported by OpenSSL? Are there any plans to add support?

Many Thanks,
Kind Regards,

--
Alex Birkett
mBricks AS
Fornebuveien 31, P.O. Box 69
NO-1324 Lysaker, NORWAY
www.mbricks.no
Follow us on Twitter: www.twitter.com/mBricksTeam
