I'm just trying to understand the SSL protocol -- this is not an alleged bug or an "issue."
In OpenSSL s_client, or for that matter, in my client test program, an attempt to use a *client* certificate fails unless I also specify -key or call SSL_CTX_use_PrivateKey_file(). Why? What role does the private key play with a *client* certificate? My understanding -- admittedly perhaps flawed -- is that the role of a client certificate is solely to authenticate the client. Isn't that role complete with just a CA-signed certificate? There's no encryption based on the client certificate, right? So what role does the key play? If none, why does OpenSSL fail without it? Thanks, Charles ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org