The ECDH callback needs to query the server's certificate to discover the EC group being used. The callback can then return a temporary key in the field.
It looks like SSL_get_certificate can be used for the purpose. SSL_get_certificate is used in apps/s_cb.c, but there's no documentation for it. Documentation for the function would probably be a good thing. The docs should state whether the X509* is referenced counted and must be freed (likely so if its similar to SSL_get_peer_certificate). And an example of using it in the ECDH callback would probably be helpful to those using it. _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev