Hi - we are trying to get the setup right for the suites :-

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

So we generated a self-signed cert and put it in server.pem.

\openssl-0.9.3a\out32dll\openssl dsaparam -out dsap.pem 512
\openssl-0.9.3a\out32dll\openssl req -x509 -newkey dsa:dsap.pem -out cert.pem

Then we were told to append the DSA private key (privkey.pem) into the same file, so we have in server.pem

-----BEGIN CERTIFICATE-----
..
-----END CERTIFICATE-----
-----BEGIN DSA PRIVATE KEY-----
..
-----END DSA PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
..
-----END DH PARAMETERS-----

This works OK in that the SSL handshake succeeds. However, I notice on the client side that the server has sent the private key to the client during the handshake. That didn't seem right, so I tried to put the private key into a separate file (and remove it from server.pem) and call SSL_CTX_use_PrivateKey_file. This gives the message :-

x509_check_private_key:key values mismatch

So questions :-

1. Why is the OpenSSL server sending the private key to the client?
2. Where do I put the private key to avoid this and what does the 'key values mismatch' error mean?

thx
David Murphy
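
An added example, not part of the original message and not OpenSSL code: a Python check that lists the PEM blocks in a combined file laid out like the server.pem described above and separates the private key block from the rest, which is the split the poster was attempting. The function names and the sample bundle (placeholder base64 bodies, not real key material) are constructed for illustration.

```python
import re

# Constructed sample mirroring the server.pem layout in the message above;
# the base64 bodies are placeholders, not real key material.
SAMPLE_BUNDLE = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0VSVA==
-----END CERTIFICATE-----
-----BEGIN DSA PRIVATE KEY-----
Q09OU1RSVUNURUQtS0VZ
-----END DSA PRIVATE KEY-----
-----BEGIN DH PARAMETERS-----
Q09OU1RSVUNURUQtREg=
-----END DH PARAMETERS-----
"""

BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")


def split_pem(text):
    """Return [(label, block_text), ...] in file order; raise on bad framing."""
    blocks, label, lines = [], None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = BOUNDARY.match(line)
        if m and m.group(1) == "BEGIN":
            if label is not None:
                raise ValueError(f"line {lineno}: BEGIN inside {label} block")
            label, lines = m.group(2), [line]
        elif m:  # an END boundary must close the block that is open
            if m.group(2) != label:
                raise ValueError(f"line {lineno}: END {m.group(2)} closes {label}")
            lines.append(line)
            blocks.append((label, "\n".join(lines) + "\n"))
            label = None
        elif label is not None:
            lines.append(line)  # body line inside the open block
    if label is not None:
        raise ValueError(f"unterminated {label} block")
    return blocks


def separate_private_keys(text):
    """Split a bundle into (public_part, private_part) PEM strings."""
    blocks = split_pem(text)
    private = "".join(b for name, b in blocks if name.endswith("PRIVATE KEY"))
    public = "".join(b for name, b in blocks if not name.endswith("PRIVATE KEY"))
    return public, private
```
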
