Hi,
Could you describe in a bit more detail what your patch does? I don't
really understand the openssl innards well enough, but am curious.
*If* I understand it correctly, what it does is provide keying material
(ECDH) to support EC for the TLS handshake, right? And there isn't actually
anything in OpenVPN needed (besides providing keying material) as that's
all "inside OpenSSL".
Yes, openssl does everything for us. I just added an option to the config.
So how do you create the key material?
I used the function EC_KEY_new_by_curve_name to generate elliptic curve parameters
of the type specified in the config file.
Which parts of the key handshake does it cover? Signature/Certificates,
or *only* DH?
Handshake only; EC certificates worked for me without doing anything.
Also, DH didn't work with EC certificates (no such cipher).
Piotr Jarosz