views: 150
answers: 1
How do I write an OpenSSL server that on a single port has two different active RSA private keys? The OpenSSL documentation seems to imply there can only be one RSA private key active at a time within a context. So I was thinking I could have two active contexts, but what is the code to handle figuring out which connection matches which context? Or am I going about this the wrong way?

A: 

It's kind of an odd thing to want, but it's doable. You can maintain two active SSL_CTX handles, each of which has a different certificate/private key pair loaded.

When you accept a new connection, just pick the right SSL_CTX to generate the new SSL handle from (using SSL_new()). As for "which connection matches which certificate" - that's up to you to determine. You could decide based on the peer address of the connection, or you might have a plain text protocol prior to starting SSL where the peer identifies the certificate it is expecting.

caf
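The two-context approach from the answer, as an added example written for this page (not code from the poster), using Python's standard-library ssl module, which wraps the same OpenSSL objects: an SSLContext is an SSL_CTX, and wrap_socket performs the SSL_new/SSL_set_fd/SSL_accept step on the accepted socket. The certificate file names, the trusted 10.0.0.0/8 range and the handler callback are assumptions.

```python
import ipaddress
import socket
import ssl

# Assumed file names for the two certificate/key pairs (placeholders, not from the page).
CERT_FILES = {
    "internal": ("internal-cert.pem", "internal-key.pem"),
    "public": ("public-cert.pem", "public-key.pem"),
}
# Assumed rule: peers inside this range get the "internal" key pair.
TRUSTED_NET = ipaddress.ip_network("10.0.0.0/8")


def build_contexts(cert_files=CERT_FILES):
    """One SSLContext (Python's handle on an OpenSSL SSL_CTX) per key pair."""
    contexts = {}
    for name, (cert, key) in cert_files.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        ctx.load_cert_chain(certfile=cert, keyfile=key)  # raises OSError if missing
        contexts[name] = ctx
    return contexts


def choose_context_name(peer_ip, trusted_net=TRUSTED_NET):
    """The 'which connection matches which certificate' decision, made on the
    peer address as the answer suggests. It is only as trustworthy as the
    network path: a spoofable source address must not gate anything sensitive."""
    addr = ipaddress.ip_address(peer_ip)
    # A dual-stack listener reports IPv4 peers as ::ffff:a.b.c.d; unwrap them
    # so the IPv4 rule still applies instead of silently falling to "public".
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return "internal" if addr in trusted_net else "public"


def serve(host, port, contexts, handler):
    """Accept loop: one listening socket, the SSL_CTX chosen per connection."""
    with socket.create_server((host, port)) as listener:
        while True:
            raw, peer = listener.accept()
            ctx = contexts[choose_context_name(peer[0])]
            try:
                # Equivalent of SSL_new(ctx) + SSL_set_fd + SSL_accept: the
                # handshake now uses whichever private key this context holds.
                tls = ctx.wrap_socket(raw, server_side=True)
            except (ssl.SSLError, OSError):
                raw.close()  # a failed handshake must not take the server down
                continue
            with tls:
                handler(tls)
```

For the answer's other option, a plaintext prelude in which the peer names the certificate it expects, read that prelude from `raw` before calling `wrap_socket` and use it instead of the peer address to pick the context.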