> It seems to me that NO_RSA is not fine-grain enough, and that I'm going
> to have to go into ssl and crypto/rsa and add some of my own #ifdef's.

Sounds like an excellent idea - go for it (and persuade Eric to integrate it!)
> While I'm here, an unrelated question: I am going to be creating my DSA
> keypair for every SSL context. (Yes, the server cert will be a session key:)
> Anyone foresee any problems with this?

Why don't you use EDH by creating a DH keypair? The main pitfall here is that
you need a good RNG on the server, which is not otherwise needed for SSL.
You'll also have to add an SSL_CTX_set_tmp_dh() call to your working SSLeay/RSA
code. This means loading a set of DH params, probably generated using "gendh"
and loaded using PEM_read_bio_DHparams().
--
Clifford Heath http://www.osa.com.au/~cjh
Open Software Associates Limited mailto:[EMAIL PROTECTED]
29 Ringwood Street / PO Box 4414 Phone +613 9871 1694
Ringwood VIC 3134 AUSTRALIA Fax +613 9871 1711
------------------------------------------------------------
Deploy Applications across the net, see http://www.osa.com
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
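As an added illustration (not code from the thread or from SSLeay): a pure-Python writer and reader for the DHparams PEM structure that PEM_read_bio_DHparams() consumes (DER `SEQUENCE { p INTEGER, g INTEGER }` inside "DH PARAMETERS" armor), followed by the ephemeral exchange that SSL_CTX_set_tmp_dh() enables, where each side draws a fresh private exponent from the CSPRNG. The group p=23, g=5 is a constructed toy so the script runs instantly; real parameter files come from gendh/dhparam.

```python
import base64
import secrets


def _der_len(n):
    """DER length field, short form (<128) or long form."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_int(v):
    """DER INTEGER: big-endian, extra 0x00 byte when the top bit is set."""
    body = v.to_bytes((v.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_len(len(body)) + body


def write_dhparams_pem(p, g):
    """Produce the same PEM shape gendh writes: SEQUENCE { p, g }."""
    body = _der_int(p) + _der_int(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(body)) + body).decode()
    wrapped = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN DH PARAMETERS-----\n" + wrapped + "\n-----END DH PARAMETERS-----\n"


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def read_dhparams_pem(pem):
    """What PEM_read_bio_DHparams() does: strip armor, decode DER, return (p, g)."""
    lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    tag, seq, _ = _read_tlv(base64.b64decode("".join(lines)), 0)
    if tag != 0x30:
        raise ValueError("DHparams: expected SEQUENCE")
    tag_p, p_bytes, pos = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("DHparams: expected two INTEGERs")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def ephemeral_exchange(p, g):
    """One EDH handshake over the loaded group. The fresh per-handshake exponents
    are exactly where the server needs a good RNG. Returns (server_secret, client_secret)."""
    x_s = secrets.randbelow(p - 2) + 1      # server ephemeral private value
    x_c = secrets.randbelow(p - 2) + 1      # client ephemeral private value
    y_s, y_c = pow(g, x_s, p), pow(g, x_c, p)   # ServerKeyExchange / ClientKeyExchange
    return pow(y_c, x_s, p), pow(y_s, x_c, p)
```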