Re: [Help-gnutls] Peer certificates not signed by any CA
From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Peer certificates not signed by any CA
Date: Thu, 22 Jun 2006 01:30:53 +0200
User-agent: KMail/1.9.1
On Tue 13 Jun 2006 16:28, Florian Weimer wrote:
> On Tue, Jun 13, 2006 at 02:51:34PM +0200, fweimer wrote:
> > > In that case if you would like to send the client certificate
> > > anyway, you should use the callback function (don't remember the
> > > name right now).
> >
> > Will try and report.
>
> gnutls_certificate_client_get_request_status still returns 0 on the
> client side, but it seems that this time, a certificate is actually
> transmitted in a way the server can handle it.
This looks like a bug, but from a quick glimpse the code looks ok.
I'll try to check it further once I have more time.
> May I assume that the first certificate returned by
> gnutls_certificate_get_peers contains public key material which
> actually corresponds to the private key material which was used to
> establish the session?
No. That would be the last certificate in the chain.
> By the way, gnutls_certificate_client_set_retrieve_function is not a
> well-designed interface. The callback function lacks a closure
> parameter.
What do you mean by closure parameter?
> Even worse, it is hard to fake it because
> gnutls_certificate_client_set_retrieve_function is called with a
> credentials structure, and the callback is called with a session
> structure. Extremely annoying.
But you want to know the session in the callback (to obtain information
about the current session). The session is the caller of the callback.
regards,
Nikos
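
Added example (not part of the original thread and not GnuTLS code): a self-contained C model of the mismatch discussed above, where a callback is registered once on a shared credentials object but invoked with a session, and a per-session user pointer carries the state a closure parameter would otherwise pass. All type and function names are hypothetical stand-ins; current GnuTLS exposes such a slot as gnutls_session_set_ptr / gnutls_session_get_ptr.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins for a TLS library's types (assumption, not GnuTLS). */
typedef struct session session_t;
typedef int (*retrieve_fn)(session_t *s, const char **cert_out);

typedef struct { retrieve_fn retrieve; } credentials_t; /* shared by sessions */
struct session { const credentials_t *cred; void *user_ptr; };

/* Per-session user pointer: the slot that stands in for a closure argument. */
static void session_set_ptr(session_t *s, void *p) { s->user_ptr = p; }
static void *session_get_ptr(const session_t *s) { return s->user_ptr; }

/* Application state the callback needs; one instance per connection. */
typedef struct { const char *cert_name; int calls; } conn_ctx;

/* Registered once on the credentials, invoked with the session. */
static int pick_client_cert(session_t *s, const char **cert_out)
{
    conn_ctx *ctx = session_get_ptr(s);
    if (ctx == NULL || ctx->cert_name == NULL) {
        *cert_out = NULL;          /* no context attached: offer nothing */
        return -1;
    }
    ctx->calls++;
    *cert_out = ctx->cert_name;    /* constructed sample value */
    return 0;
}

/* Models the handshake step where the library asks for a certificate. */
static const char *handshake_cert(session_t *s)
{
    const char *cert = NULL;
    if (s->cred == NULL || s->cred->retrieve == NULL) return NULL;
    return s->cred->retrieve(s, &cert) == 0 ? cert : NULL;
}

/* Sessions share one credentials object but carry different contexts. */
static int demo(void)
{
    credentials_t cred = { pick_client_cert };
    conn_ctx a = { "alice.pem", 0 }, b = { "bob.pem", 0 };
    session_t sa = { &cred, NULL }, sb = { &cred, NULL }, sc = { &cred, NULL };
    session_set_ptr(&sa, &a);
    session_set_ptr(&sb, &b);
    return strcmp(handshake_cert(&sa), "alice.pem") == 0
        && strcmp(handshake_cert(&sb), "bob.pem") == 0
        && handshake_cert(&sc) == NULL && a.calls == 1 && b.calls == 1;
}

int main(void) { return demo() ? 0 : 1; }
```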