[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnutls] Sending a client certificate
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: [Help-gnutls] Sending a client certificate |
|
Date: |
Sat, 5 Feb 2005 21:27:06 +0100 |
|
User-agent: |
KMail/1.7.2 |
On Saturday 05 February 2005 19:47, Martin Lambers wrote:
> On Sat, 05. Feb 2005, 19:02:34 +0100, Nikos Mavrogiannopoulos wrote:
> > Does the server request a certificate? If it doesn't then no matter if
> > you specify one, it will not be used. Otherwise please attach the
> > output of ssldump, or the debug output of level 3.
>
> This is the level 3 debug output:
> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE was received [1454 bytes]
> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE REQUEST was received [137 bytes]
> GNUTLS DEBUG 2: ASSERT: auth_cert.c:198
> GNUTLS DEBUG 3: HSK[8076ad0]: SERVER HELLO DONE was received [4 bytes]
> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE was send [7 bytes]
So it seems you got a certificate request and the certificate gnutls select is
empty. This might be because your certificate does not
match the CAs advertized by the server. You can check the CAs advertized
by the server by using gnutls-cli. If you want to override the server's
request, and send anyway a certificate you have to use the retrieve[0]
function as used in gnutls-cli (cli.c).
[0]. gnutls_certificate_client_set_retrieve_function()
--
Nikos Mavrogiannopoulos