
Re: [Help-gnutls] Peer certificates not signed by any CA


From: Florian Weimer
Subject: Re: [Help-gnutls] Peer certificates not signed by any CA
Date: Tue, 13 Jun 2006 16:28:35 +0200
User-agent: Mutt/1.5.11+cvs20060403

On Tue, Jun 13, 2006 at 02:51:34PM +0200, fweimer wrote:

> > In that case if you would like to send the client certificate anyway,
> > you should use the callback function (don't remember the name right
> > now).
> 
> Will try and report.

gnutls_certificate_client_get_request_status still returns 0 on the
client side, but it seems that this time, a certificate is actually
transmitted in a way the server can handle it.

May I assume that the first certificate returned by
gnutls_certificate_get_peers contains public key material which actually
corresponds to the private key material which was used to establish the
session?

By the way, gnutls_certificate_client_set_retrieve_function is not a
well-designed interface.  The callback function lacks a closure
parameter.  Even worse, it is hard to fake it because
gnutls_certificate_client_set_retrieve_function is called with a
credentials structure, and the callback is called with a session
structure.  Extremely annoying.

-- 
Florian Weimer                <address@hidden>
BFK edv-consulting GmbH       http://www.bfk.de/
Durlacher Allee 47            tel: +49-721-96201-1
D-76131 Karlsruhe             fax: +49-721-96201-99



