>From: owner-openssl-us...@openssl.org On Behalf Of Bin Lu
>Sent: Thursday, 07 June, 2012 14:53
>I am trying to use an ECDSA certificate <snip>
>the correct cipher suite is not being chosen <snip>
>dh_tmp, ecdh_tmp and their callback functions <snip> not set
>Is some code missing in SSL_CTX_use_PrivateKey() or these
>dh_tmp, ecdh_tmp values should be set by the application, and how?

The latter. You can set them on SSL_CTX (and use for one or more
connections) or on SSL for one connection (before handshaking,
or possibly renegotiation).

SSL_[CTX_]set_tmp_dh or set_tmp_dh_callback for DH
(but there are no suites that use DH with ECDSA)
SSL_[CTX_]set_tmp_ecdh or set_tmp_ecdh_callback for ECDH

Also SSL_[CTX_]set_tmp_rsa or set_tmp_rsa_callback if you use
the "export" suites (which you should avoid) and I think if you have
a sign-only (i.e. not key-wrap) RSA cert (but I doubt anybody does
that nowadays).

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org