On Wed, Apr 12, 2006 at 10:00:29AM -0400, Tom Lane wrote:
> Martijn van Oosterhout <kleptog@svana.org> writes:
> > It's not clear why the code was added in the first place,
> I thought it was there to support client-side authentication (ie,
> verifying the server's certificate).  We don't support that right
> now but we ought to.

That's there AFAICS, using the functions:

SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL)
SSL_CTX_set_verify(SSL_context, SSL_VERIFY_PEER, verify_cb)

That has nothing to do with DH params though, which are purely used to
generate a secret key during negotiation. The server sends you the DH
params as part of the negotiation, the client doesn't need any itself.


Have a nice day,
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

Attachment: signature.asc
Description: Digital signature

Reply via email to