On 1/11/2018 09:28, pratyush parimal wrote:If you call SSL_CTX_check_private_key() on your context it will return "0" if the private key and certificate you have loaded do not match (and thus won't work.) If you get a "1" back then provided you have a set of ciphers declared (or the defaults) that are compatible on both ends so the code can negotiate a cipher set then it should work. There is no guaranteed way to know if a connection will work from some other piece of code you don't control, however, because it's entirely possible for the other end to try to insist on (or only be able to support) a protocol you have disallowed (e.g. SSLv3) or for there to be no intersection between the cipher sets allowed by both sides and the certificate and key constraints (never mind certificate validation, if you are checking it.) IMHO see above. |
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users