I looked into why test 310 is failing to run on a CyaSSL build with a "failed starting HTTPS server (stunnel)" error. The answer is that the server verification is failing with

* SSL_connect failed with error -283: Key Use digitalSignature not set Error

CyaSSL doesn't like that the certificate that stunnel is using (tests/certs/Server-localhost-sv.pem) does not have the digitalSignature key usage extension bit 0x100 set. The certificate does have the keyEncipherment bit set, but no others.

I'm no X.509 expert, but my reading of RFC 5280 is that this bit is not needed when verifying certificate signatures, which I imagine is all that's needed here. If that's the case, then CyaSSL is in the wrong. Otherwise, we'd have to regenerate that cert to add the bit. However, checking random certs on web sites, 9 out of 10 had both bits set, so for that reason I'm leaning towards regenerating our certs with this bit.

Does anyone have any idea which side is right here?

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
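
An added example, not part of the original message and not curl or CyaSSL code: a decoder for the DER-encoded KeyUsage value discussed above, using the bit numbering from RFC 5280 section 4.2.1.3, plus a check of which bit an RSA server certificate needs for a given TLS key exchange according to RFC 5246 section 7.4.2. The function names and the two sample byte strings are constructed for illustration and are not taken from tests/certs/Server-localhost-sv.pem.

```python
# Added example: decode an X.509 KeyUsage extension value (DER BIT STRING).
# Bit names and numbers are from RFC 5280 section 4.2.1.3.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

# Bit an RSA server certificate must carry per key exchange, when the
# extension is present (RFC 5246 section 7.4.2).
REQUIRED_FOR_KX = {
    "RSA": "keyEncipherment",
    "DHE_RSA": "digitalSignature",
    "ECDHE_RSA": "digitalSignature",
}

def parse_key_usage(der: bytes) -> set:
    """Return the names of the bits set in a DER-encoded KeyUsage value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length encoding")
    unused, body = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(body) * 8 - unused
    names = set()
    for i in range(min(total_bits, len(KEY_USAGE_BITS))):
        # Bit 0 is the most significant bit of the first content octet.
        if body[i // 8] & (0x80 >> (i % 8)):
            names.add(KEY_USAGE_BITS[i])
    return names

def usable_for(der: bytes, key_exchange: str) -> bool:
    """True if the KeyUsage value permits the given TLS key exchange."""
    return REQUIRED_FOR_KX[key_exchange] in parse_key_usage(der)

# Constructed sample values (not extracted from the curl test certificates).
KE_ONLY = bytes.fromhex("03020520")      # keyEncipherment only
SIG_AND_KE = bytes.fromhex("030205a0")   # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, value in (("KE_ONLY", KE_ONLY), ("SIG_AND_KE", SIG_AND_KE)):
        print(label, sorted(parse_key_usage(value)),
              {kx: usable_for(value, kx) for kx in REQUIRED_FOR_KX})
```

A certificate carrying only keyEncipherment passes the check for plain RSA key exchange but not for the DHE_RSA or ECDHE_RSA suites, where the server signs its key exchange parameters.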
