Certificate Request State

Peter Hendrickson pdh at wiredyne.com
Tue Jun 30 22:24:48 CEST 2009


Running GnuTLS 2.8.1 under Ubuntu 9.04, I find that
gnutls_certificate_client_get_request_status() falsely reports that no
client certificate was requested, even when there was a request.  (The
server code is supposed to be asking for a certificate, it
successfully verifies the client certificate, and I can see the
certificate request packet to the client and the client sending its
certificate.)

Watching in the debugger, it appears that when the "Certificate
Request" handshake packet arrives at the client from the server, the
client sets session->key->certificate_requested to 1 in
auth_cert.c:_gnutls_proc_cert_cert_req().

The problem seems to lie in gnutls_certificate_client_get_request_status()
itself.

It calls _gnutls_get_auth_info() to get a pointer called "info" which
is really just session->key->auth_info.  Then _get_request_status()
returns the value of info->certificate_requested; that is, effectively
session->key->auth_info->certificate_requested.  It should probably
just return session->key->certificate_requested.

Without having figured out every detail, it looks to me as if the code
that sets the status and the code that reads the status are using two
different locations.  There seems to be no relationship between the
two.  _get_request_status() seems to be the only place in the code
that does anything with session->key->auth_info->certificate_requested.

Peter
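As an added illustration of the mismatch described above (not code from GnuTLS or from the report's author), the following self-contained C model uses the field names from the report but an assumed, simplified struct layout; it sets the flag where the handler writes it and reads it back through both candidate getters:

```c
/* Simplified model of the two locations the report describes.
 * Names mirror the report; the struct layout is an assumption for
 * illustration, not GnuTLS 2.8.1's real definitions. */
#include <stdio.h>

typedef struct {
    int certificate_requested;  /* the copy nothing in the client sets */
} auth_info_t;

typedef struct {
    int certificate_requested;  /* the copy the cert-request handler sets */
    auth_info_t *auth_info;
} session_key_t;

typedef struct {
    session_key_t *key;
} session_t;

/* Models _gnutls_proc_cert_cert_req(): record that a Certificate Request
 * handshake message arrived from the server. */
void proc_cert_req(session_t *s) { s->key->certificate_requested = 1; }

/* Reported behaviour: reads session->key->auth_info->certificate_requested. */
int get_request_status_buggy(const session_t *s) {
    return s->key->auth_info->certificate_requested;
}

/* Suggested fix: read the location the handler actually writes. */
int get_request_status_fixed(const session_t *s) {
    return s->key->certificate_requested;
}

/* Build a client session, deliver a Certificate Request, query a getter. */
static int run(int (*getter)(const session_t *)) {
    auth_info_t info = {0};
    session_key_t key = {0, &info};
    session_t s = {&key};
    proc_cert_req(&s);
    return getter(&s);
}
int simulate_buggy(void) { return run(get_request_status_buggy); }  /* 0 */
int simulate_fixed(void) { return run(get_request_status_fixed); }  /* 1 */

int main(void) {
    printf("buggy getter: %d, fixed getter: %d\n",
           simulate_buggy(), simulate_fixed());
    return 0;
}
```

The buggy getter reports 0 even though the request was processed, which matches the behaviour observed in the report; the fixed getter reports 1.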
