On 8/30/2011 3:29 AM, Dave Thompson wrote:
> ... That sounds like the keyUsage bit dataEncipherment, and OpenSSL CA can set it. But SSL never *does* dataEncipherment using a certificate/key, so this bit should not be needed or make any difference.
Small correction: SSL/TLS never does dataEncipherment with *client* certificates, and always does dataEncipherment with *server* certificates (if any).
So dataEncipherment should be set in the SSL server certificate and clear in the SSL client certificate, as is apparently already the case here, so that part is OK.
> I think the problem is more likely 'requested client CA-name(s)'.
Agree.