On Wed, Apr 12, 2006 at 10:00:29AM -0400, Tom Lane wrote:
> Martijn van Oosterhout <email@example.com> writes:
> > It's not clear why the code was added in the first place,
>
> I thought it was there to support client-side authentication (ie,
> verifying the server's certificate). We don't support that right
> now but we ought to.

That's there AFAICS, using the functions:

SSL_CTX_load_verify_locations(SSL_context, fnbuf, NULL)
SSL_CTX_set_verify(SSL_context, SSL_VERIFY_PEER, verify_cb)

That has nothing to do with DH params though, which are purely used to
generate a secret key during negotiation. The server sends you the DH
params as part of the negotiation, the client doesn't need any itself.

http://en.wikipedia.org/wiki/Diffie-Hellman

Have a nice day,
-- 
Martijn van Oosterhout <firstname.lastname@example.org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
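Added illustration, not part of the original message and not libpq or OpenSSL code: a toy model of the ephemeral DH exchange described in the reply above, in which the server's message carries the group parameters and the client derives its key material only from what it receives, after sanity-checking it. The group (`TOY_P`, `TOY_G`), the `MIN_BITS` floor and all function names are constructed for this sketch; certificate verification is a separate step and is not modelled here.

```python
import secrets

# Constructed toy group: 2**127 - 1 is prime but far too small for real use.
TOY_P, TOY_G = 2**127 - 1, 3
MIN_BITS = 100  # hypothetical floor sized for the toy group, not a real policy


def _secret(p, fixed=None):
    """Ephemeral exponent in [2, p-2]; `fixed` only makes runs reproducible."""
    return fixed if fixed is not None else secrets.randbelow(p - 3) + 2


def _check_public(y, p):
    """Accept only 1 < y < p-1; 0, 1 and p-1 force a predictable secret."""
    if not 1 < y < p - 1:
        raise ValueError("degenerate DH public value")


def server_hello(p=TOY_P, g=TOY_G, xs=None):
    """Server: owns the group and sends (p, g, Ys) during negotiation."""
    xs = _secret(p, xs)
    return xs, {"p": p, "g": g, "Ys": pow(g, xs, p)}


def client_reply(msg, xc=None, min_bits=MIN_BITS):
    """Client: holds no DH parameters of its own, only what the server sent.

    Returns (Yc, shared_secret) after validating the received values.
    """
    p, g, ys = msg["p"], msg["g"], msg["Ys"]
    if p.bit_length() < min_bits:
        raise ValueError("DH modulus too small")
    if not 1 < g < p - 1:
        raise ValueError("degenerate DH generator")
    _check_public(ys, p)
    xc = _secret(p, xc)
    return pow(g, xc, p), pow(ys, xc, p)


def server_finish(xs, msg, yc):
    """Server: derive the same secret from the client's public value."""
    _check_public(yc, msg["p"])
    return pow(yc, xs, msg["p"])


if __name__ == "__main__":
    xs, msg = server_hello()
    yc, client_key = client_reply(msg)
    print("keys match:", client_key == server_finish(xs, msg, yc))
```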