I'm trying to use a DSA cert instead of an RSA one to avoid the patent
issues in North America, but I can't seem to get it to work. The client and
the server are both our own, so interoperability is not an issue.
I've created an RSA key that works just fine like this:

    openssl genrsa -out test.key 512
    openssl req -config pp.cnf -out test.cert -key test.key -days 2500 -new -x509
    openssl x509 -text <test.cert | less

I'm creating the non-working DSA cert and key like this:

    openssl dsaparam -rand /dev/random 512 >dsa.param
    openssl gendsa -rand /dev/random dsa.param >test.key
    openssl req -config pp.cnf -out test.cert -key test.key -days 2500 -new -x509
    openssl x509 -text <test.cert | less

When I use the DSA key, the client and server never get a connection set up.
It seems that SSL_accept() on the server returns SSL_ERROR_SSL almost
immediately.
The cipher lists on both the client and the server are the same:
Cipher # 1: EDH-RSA-DES-CBC3-SHA
Cipher # 2: EDH-DSS-DES-CBC3-SHA
Cipher # 3: DES-CBC3-SHA
Cipher # 4: IDEA-CBC-SHA
Cipher # 5: RC4-SHA
Cipher # 6: RC4-MD5
Cipher # 7: EDH-RSA-DES-CBC-SHA
Cipher # 8: EDH-DSS-DES-CBC-SHA
Cipher # 9: DES-CBC-SHA
Cipher #10: DES-CBC3-MD5
Cipher #11: IDEA-CBC-MD5
Cipher #12: RC2-CBC-MD5
Cipher #13: RC4-MD5
Cipher #14: RC4-64-MD5
Cipher #15: DES-CBC-MD5
Cipher #16: EXP-EDH-RSA-DES-CBC-SHA
Cipher #17: EXP-EDH-DSS-DES-CBC-SHA
Cipher #18: EXP-DES-CBC-SHA
Cipher #19: EXP-RC2-CBC-MD5
Cipher #20: EXP-RC4-MD5
Cipher #21: EXP-RC2-CBC-MD5
Cipher #22: EXP-RC4-MD5
Any ideas on why RSA works but DSA does not?
______________________________________________________________
[EMAIL PROTECTED] (Mike Benna)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
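
Added example, not part of the original post and not OpenSSL code: it sorts the cipher list posted above by the certificate type each suite authenticates with and by whether the suite needs ephemeral Diffie-Hellman, to show what a server holding only an RSA key or only a DSA key has left to negotiate. The names `classify`, `usable_with` and `have_dh_params` are hypothetical; the naming rule is an assumption that holds for the suite names in this list, and `have_dh_params` stands for the server having loaded DH parameters (for example with `SSL_CTX_set_tmp_dh()`), which EDH suites require.

```python
# Added example, not from the original post. The suite names are the ones
# listed in the post; the classification rule is an assumption that holds for
# these SSLv2/SSLv3-era OpenSSL names only.
POSTED = """
EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA IDEA-CBC-SHA RC4-SHA
RC4-MD5 EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA DES-CBC3-MD5
IDEA-CBC-MD5 RC2-CBC-MD5 RC4-MD5 RC4-64-MD5 DES-CBC-MD5
EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA
EXP-RC2-CBC-MD5 EXP-RC4-MD5 EXP-RC2-CBC-MD5 EXP-RC4-MD5
""".split()


def classify(name):
    """Return (key_exchange, auth) for one suite name from the posted list."""
    parts = name.split("-")
    if parts[0] == "EXP":          # export-grade prefix does not change kx/auth
        parts = parts[1:]
    if parts[0] == "EDH":          # EDH-<auth>-...: ephemeral DH, signed by <auth>
        return ("EDH", parts[1])
    return ("RSA", "RSA")          # no prefix: RSA key transport and RSA cert


def usable_with(cert_type, suites, have_dh_params):
    """Suites a server holding only a cert_type key ("RSA" or "DSS") can pick."""
    usable = []
    for suite in dict.fromkeys(suites):        # drop repeated names, keep order
        kx, auth = classify(suite)
        if auth != cert_type:                  # certificate cannot authenticate it
            continue
        if kx == "EDH" and not have_dh_params:  # EDH needs server DH parameters
            continue
        usable.append(suite)
    return usable


if __name__ == "__main__":
    for cert in ("RSA", "DSS"):
        for dh in (False, True):
            print(cert, "cert, DH params set:", dh, "->",
                  usable_with(cert, POSTED, dh))
```

Every DSS-authenticated suite in the posted list is an EDH suite, so the DSS rows depend entirely on `have_dh_params`, while the RSA rows keep the non-EDH suites either way.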