Hi Michael,

On Fri, Jul 19, 2002 at 12:17:23PM +0200, Michael Schmidt wrote:
> Hi Vadim,
>
> Vadim Fedukovich wrote:
>
> >> For a research project I'm working on, I want to use OpenSSL with
> >> ADH-DES-CBC3-SHA (TLSv1). This means I want to use neither a
> >> server-side nor a client-side certificate; and the pre-master
> >> secret shall be established via Diffie-Hellman key exchange.
> >>
> >> I understand that the current implementation of SSL_CTX_set_tmp_dh
> >> (SSL_CTX *ctx, DH *dhkey), which I'm using to set the DH private
> >> and public key, ignores any existing keys in dhkey->priv_key and
> >> dhkey->pub_key, and uses only the DH key generation parameters
> >> (prime and generator) from this structure. Looks like it generates
> >> random DH keys on its own.
> >
> > A callback is available to set the DH key. See
> > ssl3_send_server_key_exchange() around s->cert->dh_tmp_cb() for
> > details.
> >
> > That is, one can set this callback instead of SSL_CTX_set_tmp_dh()
>
> Thanks for the info. However, the callback is called on the server side
> only. Any idea about the client side?

Maybe it could be a good idea to introduce another callback, for
ssl3_send_client_key_exchange() to use some specific DH key, if you
really want it. No way around DH_generate_key() for the moment.

Good luck,
Vadim

> If not, it's progress anyway. It's probably easier for me to activate
> the callback on the client side than to fiddle around with the
> implementation of SSL_CTX_set_tmp_dh.
>
> Michael

--
Naina library: http://www.unity.net/~vf/naina_r1.tgz
