After upgrading (from 0.9.7b) to 0.9.7c, SSL handshake fails. Here are the symptoms: SSL_connect breaks with SSL_R_MISSING_EXPORT_TMP_RSA_KEY. This happens because the client plans on using RSA_EXPORT1024_WITH_DES_CBC_SHA, and the server has a certificate with a 1024-bit RSA key. In 0.9.7b there was a bug in X509_certificate_type() that caused it to mark the server's public key with EVP_PKT_EXP (i.e. this is an export cipher key). The bug was fixed in 0.9.7c, and so I have an EXPORT cipher, with NON-EXPORT key. This causes a check in ssl3_check_cert_and_algorithm() to fail because an EXPORT algorithm is used with NON-EXPORT certificate, and no temporary EXPORT key. My question is: Why is this check needed? Is it required in SSL/TLS specification? It seems strange to me to blame the server for not generating a temporary 512 bit key (the algorithm specifies explicitly RSA-1024...). Anybody encountered this before? Any solution / workaround? I'm using Windows 2000 Active Directory as the server, and the client is my application which is linked with OpenLDAP and OpenSSL. It tries to establish a LDAP over SSL connection on port 636. (Same client works when linked with 0.9.7b) Thanks Tal
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
