Something which may be of interest is the behaviour of the (currently) undocumented -dcert and -dkey options of s_server. This may not have been mentioned before so better to mention it twice than not at all :-)

What these options do is to allow s_server to use two certificates of different types. The 'd' is presumably meant to mean "DSA" but it doesn't really distinguish: it's just a way of feeding in another cert and key.

Why is this useful? Well, if a server has a DSA certificate then the non-RSA modes can be used: so clients don't need to support RSA and "patent free" clients can connect. However, if it only has a DSA certificate then the normal (browser) RSA modes cannot be used. If it has both then both can be used.

All this means for people using OpenSSL in a server is that it is advisable to permit the use of two certificates and private keys so they can take advantage of this behaviour.

Steve.
--
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
Email: [EMAIL PROTECTED]
NOTE NEW (13/12/98) PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                        [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
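The two-certificate behaviour described in the message can be checked against a current OpenSSL build with the script below, an added example that is not part of the original post. It goes beyond the message by using ECDSA rather than DSA for the second pair (an assumption about what a modern deployment would load through -dcert/-dkey); the file names, port and subject are constructed.

```shell
#!/bin/sh
# Added example: s_server holding two certificates of different key types.
# File names, port and subject are constructed for this demo.
set -eu
PORT=${PORT:-44330}

# Create a self-signed RSA pair and a self-signed ECDSA pair in directory $1.
make_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=localhost" \
        -keyout "$1/rsa.key" -out "$1/rsa.crt" 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key"
    openssl req -x509 -new -key "$1/ec.key" -days 1 -subj "/CN=localhost" \
        -out "$1/ec.crt" 2>/dev/null
}

# Print the public-key algorithm of the certificate served to a TLS 1.2
# client that offers only suites matching cipher string $1 (aRSA or aECDSA).
served_key_type() {
    openssl s_client -connect "127.0.0.1:$PORT" -tls1_2 -cipher "$1" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -text 2>/dev/null |
        sed -n 's/.*Public Key Algorithm: //p'
}

# Start s_server with both pairs loaded; PID is left in SERVER_PID.
# -www keeps the server from reading stdin, so it survives across connections.
start_server() {
    openssl s_server -accept "$PORT" -www \
        -cert "$1/rsa.crt" -key "$1/rsa.key" \
        -dcert "$1/ec.crt" -dkey "$1/ec.key" >/dev/null 2>&1 &
    SERVER_PID=$!
    for i in 1 2 3 4 5 6 7 8 9 10; do
        sleep 1
        if [ -n "$(served_key_type aRSA)" ]; then return 0; fi
    done
    kill "$SERVER_PID" 2>/dev/null || true
    return 1
}

demo() {
    dir=$(mktemp -d)
    make_certs "$dir"
    start_server "$dir"
    echo "RSA-only client was served:   $(served_key_type aRSA)"
    echo "ECDSA-only client was served: $(served_key_type aECDSA)"
    kill "$SERVER_PID"; rm -rf "$dir"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run it with the argument `demo`. Dropping the -dcert/-dkey line from `start_server` leaves the ECDSA-only client with no certificate to report, which is the single-certificate limitation the message describes.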
