Hi,
There is a comment (starting on line 2169 of s3_clnt.c openssl-0.9.8o) that
states:
/* XXX: For now, we do not support client
* authentication using ECDH certificates.
* To add such support, one needs to add
* code that checks for appropriate
* conditions and sets ecdh_clnt_cert to 1.
* For example, the cert have an ECC
* key on the same curve as the server's
* and the key should be authorized for
* key agreement.
*
* One also needs to add code in ssl3_connect
* to skip sending the certificate verify
* message.
*
* if ((s->cert->key->privatekey != NULL) &&
* (s->cert->key->privatekey->type ==
* EVP_PKEY_EC) && ...)
* ecdh_clnt_cert = 1;
*/
So authentication using an EC certificate is not currently supported by
OpenSSL? Are there any plans to add support?
Many Thanks,
Kind Regards,
--
Alex Birkett
mBricks AS
Fornebuveien 31, P.O. Box 69
NO-1324 Lysaker, NORWAY
www.mbricks.no
Follow us on Twitter: www.twitter.com/mBricksTeam
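
Added example (not part of the original post and not OpenSSL code): a simplified C model of the conditions the quoted comment lists for setting ecdh_clnt_cert, and of when the certificate verify message would be skipped. All struct, enum and function names are hypothetical; it assumes fixed-ECDH client authentication only applies when the server has a certified static ECDH key, and that a certificate without a keyUsage extension is unrestricted.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical simplified model; these are not OpenSSL's structures. */
enum key_type { KEY_RSA, KEY_EC };
enum curve_id { CURVE_NONE, CURVE_P256, CURVE_P384 };
enum kx_alg   { KX_RSA, KX_ECDHE, KX_ECDH_STATIC };

#define MODEL_KU_DIGITAL_SIGNATURE 0x0080u
#define MODEL_KU_KEY_AGREEMENT     0x0008u /* keyAgreement bit */

struct cert_model {
    enum key_type type;
    enum curve_id curve;     /* CURVE_NONE for non-EC keys */
    bool has_private_key;    /* models s->cert->key->privatekey != NULL */
    bool has_key_usage;      /* is a keyUsage extension present? */
    unsigned key_usage;      /* bits, meaningful only if has_key_usage */
};

/* Returns 1 when the conditions named in the comment hold (assumed model). */
int ecdh_clnt_cert_allowed(const struct cert_model *clnt,
                           const struct cert_model *srvr, enum kx_alg kx)
{
    if (clnt == NULL || srvr == NULL)
        return 0;
    if (kx != KX_ECDH_STATIC)   /* assumption: server key must be static ECDH */
        return 0;
    if (!clnt->has_private_key || clnt->type != KEY_EC || srvr->type != KEY_EC)
        return 0;
    if (clnt->curve == CURVE_NONE || clnt->curve != srvr->curve)
        return 0;               /* key must be on the server's curve */
    if (clnt->has_key_usage && !(clnt->key_usage & MODEL_KU_KEY_AGREEMENT))
        return 0;               /* key not authorized for key agreement */
    return 1;
}

/* Given that a client certificate is sent: skip the certificate verify
 * message only when the fixed-ECDH path is taken. */
int send_cert_verify(const struct cert_model *clnt,
                     const struct cert_model *srvr, enum kx_alg kx)
{
    return !ecdh_clnt_cert_allowed(clnt, srvr, kx);
}

/* Constructed sample certificates (not real data). */
const struct cert_model srv_p256     = { KEY_EC, CURVE_P256, true, false, 0 };
const struct cert_model cli_p256_ka  = { KEY_EC, CURVE_P256, true, true, MODEL_KU_KEY_AGREEMENT };
const struct cert_model cli_p256_sig = { KEY_EC, CURVE_P256, true, true, MODEL_KU_DIGITAL_SIGNATURE };
const struct cert_model cli_p384_ka  = { KEY_EC, CURVE_P384, true, true, MODEL_KU_KEY_AGREEMENT };
```

In this model a signature-only EC client certificate (cli_p256_sig) still requires the certificate verify message, which is the case the quoted comment does not cover.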