Greetings All, For the s_server command, when -Verify option is used, the s_server gives the following certificate request message: 0d0000390503040102400031002f.... This said, the certificate types supported are 0x03, 0x04, 0x01, 0x02, 0x40. Per RFC 2246 section 7.4.4, 0x03 denotes rsa_fixed_dh, 0x04 denotes dss_fixed_dh, 0x01 denotes rsa_sign, and 0x02 denotes dss_sign.
Questions... 1) What does certificate type 0x40 denote? 2) As far as I know, OpenSSL does not support certificates with fixed DH public parameters. Why are 0x03 and 0x04 in the list (and more preferable than 0x01 and 0x02..)? Does this imply that though OpenSSL is not able to generate certificates with fixed DH parameters, s_server is able to verify certificates with fixed DH parameters? Many thanks.. -Xiaoyu Ruan ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]