In article <[EMAIL PROTECTED]> you wrote:

> In short, this (the s_server approach) works:

>     ctx = SSL_CTX_new(...);
>     SSL_CTX_set_tmp_rsa_callback(ctx, ...);
>     SSL_CTX_use_certificate(ctx, ...);
>     ssl = SSL_new(ctx);
>     /* now ssl->cert contains the callbacks for the RSA temp key */

> while this (the mod_ssl approach) fails:

>     ctx = SSL_CTX_new(...);
>     SSL_CTX_set_tmp_rsa_callback(ctx, ...);
>     ssl = SSL_new(ctx);
>     SSL_use_certificate(ssl, ...);
>     /* now ssl->cert is a fresh one without the callbacks */

> I haven't looked at the code in enough detail to know for sure,
> but in case this helps.

> As long as you are generating the 512 bit RSA key beforehand (like
> mod_ssl does) or reading it out of a file during initialization
> (code that has to be added to mod_ssl or ssl_apache), you can avoid
> the callback stuff and just specify the 512 bit RSA key with
> SSL_CTX_set_tmp_rsa().

Yes, but even using SSL_CTX_set_tmp_rsa() makes no difference, because _BOTH_
the SSL->cert->{dh,rsa}_tmp _AND_ SSL->cert->{dh,rsa}_tmp_cb variables are
lost. So, you're right that mod_ssl could do it a little bit more directly,
but it still requires my patch to make it actually work.

                                       Ralf S. Engelschall
                                       [EMAIL PROTECTED]
                                       www.engelschall.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
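
The ordering problem discussed in this thread, as an added example that is not part of the original message and is neither OpenSSL source nor the patch mentioned above. It is a simplified model: every `toy_*` name, `key512` and `sample_cb` is hypothetical, and the `keep_tmp` variant is an assumed fix shown only for contrast.

```c
#include <stdlib.h>

/* Simplified model with hypothetical names; this is not OpenSSL source. */
typedef struct { int bits; } toy_rsa;
typedef toy_rsa *(*toy_rsa_cb)(int keylength);
typedef struct {
    const char *leaf;       /* stands in for the server certificate */
    toy_rsa    *rsa_tmp;    /* key set SSL_CTX_set_tmp_rsa() style */
    toy_rsa_cb  rsa_tmp_cb; /* callback set SSL_CTX_set_tmp_rsa_callback() style */
} toy_cert;
typedef struct { toy_cert cert; } toy_ctx;
typedef struct { toy_cert *cert; } toy_ssl;

static toy_rsa key512 = { 512 };  /* constructed sample key */
static toy_rsa *sample_cb(int keylength) { (void)keylength; return &key512; }

/* SSL_new() step: the connection inherits the context's cert state. */
static int toy_ssl_new(toy_ssl *s, const toy_ctx *ctx) {
    s->cert = malloc(sizeof *s->cert);
    if (s->cert == NULL) return 0;
    *s->cert = ctx->cert;
    return 1;
}

/* Per-connection certificate install. keep_tmp == 0 models the behaviour
 * reported in the thread: a fresh cert with both temporary fields empty.
 * keep_tmp == 1 is an assumed fix that carries them over. */
static int toy_use_certificate(toy_ssl *s, const char *leaf, int keep_tmp) {
    toy_cert *fresh = calloc(1, sizeof *fresh);
    if (fresh == NULL) return 0;  /* on failure the old cert stays in place */
    fresh->leaf = leaf;
    if (keep_tmp) {
        fresh->rsa_tmp = s->cert->rsa_tmp;
        fresh->rsa_tmp_cb = s->cert->rsa_tmp_cb;
    }
    free(s->cert);
    s->cert = fresh;
    return 1;
}

/* Post-setup check: 1 if a temporary key is still reachable, 0 if it was
 * lost, -1 on allocation failure. */
static int tmp_rsa_available(int per_connection_cert, int keep_tmp) {
    toy_ctx ctx = { { "ctx-cert", &key512, sample_cb } };
    toy_ssl s;
    int ok = -1;
    if (!toy_ssl_new(&s, &ctx)) return -1;
    if (!per_connection_cert || toy_use_certificate(&s, "conn-cert", keep_tmp))
        ok = s.cert->rsa_tmp != NULL || s.cert->rsa_tmp_cb != NULL;
    free(s.cert);
    return ok;
}
```

`tmp_rsa_available(0, 0)` corresponds to the context-level (s_server) order, and `tmp_rsa_available(1, 0)` to the per-connection (mod_ssl) order in which both fields are lost.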
