OK I understand.

By subsequent transactions I originally thought you meant during the same session.

I apologize for diverting from the problem of the original poster.

Maybe I can redeem myself by pointing to the example callback function:
http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html

and suggest trying to use
http://www.openssl.org/docs/ssl/SSL_get_verify_result.html

then test for return value 18 = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT to deal with self-signed certificates. Hope this is useful :)



Kyle Hamilton wrote:

Diffie-Hellman key exchange is a means of creating a session key in a
manner that's not easily reversible by an eavesdropper, not a means of
authentication.  The public/private keypair is the only means of
authenticating an anonymous third party as being that specific
anonymous third party, and not some interloper.  (See the Freenet
project for an example of this.)

You could, theoretically, use it as a means of authentication IF and
ONLY IF the public key stayed the same.  Generally, though, it's a
random large number.  (This is why DH requires a certificate, where
EDH doesn't -- EDH is random, where DH uses a public key that requires
[in the context of SSL] an X.509 certification.)

On 2/2/06, Alain Damiral <[EMAIL PROTECTED]> wrote:

Doesn't Diffie-Hellman key exchange ensure that this is true even with
no certificate authentication at all? (Maybe not with a null cipher?)

--
Alain Damiral



--
Alain Damiral
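
The callback approach suggested above, as an added example that is not code from this thread or from the OpenSSL documentation: a verify callback for SSL_CTX_set_verify() that treats error 18 (X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) as acceptable only at depth 0 and only when the peer certificate's SHA-256 fingerprint matches a pin configured in advance, so "dealing with" a self-signed certificate does not turn into accepting any self-signed certificate. The pin bytes are constructed, the helper names (decide_verify, fp_equal, pinned_verify_cb) are mine, and the OpenSSL glue compiles only when the headers are present.

```c
#include <stddef.h>
/* Verify results by number, as named in the thread: 0 is X509_V_OK, 18 is
 * X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT. Local names: no OpenSSL headers needed. */
#define ERR_DEPTH_ZERO_SELF_SIGNED 18
#define PIN_LEN 32   /* SHA-256 digest length */

/* Constructed pin (assumption): SHA-256 fingerprint of the one self-signed cert we trust. */
static const unsigned char pinned_fp[PIN_LEN] = {
    0x3a,0x9f,0x1c,0x44,0xd2,0x0b,0x77,0xe8,0x15,0x6d,0xaa,0x02,0xc9,0x5e,0xf1,0x38,
    0x80,0x27,0xbe,0x63,0x4c,0xd5,0x0e,0x91,0x7a,0xf6,0x12,0xcb,0x58,0xe4,0x09,0xa7 };
/* Constructed fingerprint of some other self-signed certificate (must be rejected). */
static const unsigned char other_fp[PIN_LEN] = { 0 };

/* Constant-time comparison: a mismatch must not leak which byte differed. */
static int fp_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Core decision. Accept whatever the built-in chain check accepted; otherwise accept
 * ONLY error 18 at depth 0 for the pinned fingerprint. Every other error stays fatal. */
int decide_verify(int preverify_ok, int err, int depth,
                  const unsigned char *fp, size_t fp_len)
{
    if (preverify_ok) return 1;
    if (err != ERR_DEPTH_ZERO_SELF_SIGNED || depth != 0) return 0;
    if (fp == NULL || fp_len != PIN_LEN) return 0;
    return fp_equal(fp, pinned_fp, PIN_LEN);
}

#if defined(__has_include)
#if __has_include(<openssl/ssl.h>)
#include <openssl/ssl.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
/* Callback in the shape SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, cb) expects.
 * Static and unreferenced here, so it is dropped when libssl is not linked. */
static int pinned_verify_cb(int preverify_ok, X509_STORE_CTX *ctx)
{
    unsigned char md[EVP_MAX_MD_SIZE]; unsigned int md_len = 0;
    X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
    if (cert == NULL || !X509_digest(cert, EVP_sha256(), md, &md_len)) return 0;
    int ok = decide_verify(preverify_ok, X509_STORE_CTX_get_error(ctx),
                           X509_STORE_CTX_get_error_depth(ctx), md, md_len);
    if (ok && !preverify_ok) X509_STORE_CTX_set_error(ctx, X509_V_OK); /* SSL_get_verify_result() then reports OK */
    return ok;
}
#endif
#endif
```

Pass pinned_verify_cb to SSL_CTX_set_verify() with SSL_VERIFY_PEER; after the handshake, SSL_get_verify_result() returns X509_V_OK only for chains the default check accepted or for the one pinned self-signed certificate.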

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
