Re: "known in advance" public key authentication?

[Ilari Liusvaara]

On Wed, Nov 07, 2012 at 09:33:23PM +0700, Ivan Shmakov wrote:
 
>       Hence, the question is: is there a way to specify the local key
>       pair and the remote public key to GnuTLS “directly”, just prior
>       to connecting the remote?

I implemented about half of that (client that ever connects to one
server, so it hardcodes its public key instead of messing with certs).

The outgoing key and certificate are set the same way self-signed
or not.

I don't know a way to specify expected public key. Instead,
in the code I wrote, I extract the certificate and then check the
key:

- gnutls_certificate_get_peers 
- gnutls_x509_crt_import (index 0)
- gnutls_x509_crt_get_pk_algorithm
- gnutls_x509_crt_get_pk_rsa_raw / gnutls_x509_crt_get_pk_dsa_raw

The same thing should work on the server end.

-Ilari