[gnutls-devel] gnutls_certificate_verify_peers* question

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Feb 20 17:24:19 CET 2013

On 02/19/2013 02:49 PM, Jaak Ristioja wrote:

>> Hello, For simplicity I'll focus on the signing ciphersuites. In
>> that case, during the handshake you receive a message from the peer
>> that contains handshake parameters (it is the random nonces and DH
>> params in server side) that are signed. This message is verified in
>> gnutls_handshake() directly (i.e. you have no say on that). If that
>> succeeds the callback takes control and verifies whether the
>> parameters (i.e. the certificate) used in the previous signature
>> verification are acceptable.
> Do I understand it correctly, that once the callback (set using 
> gnutls_certificate_set_verify_function) is called during handshake,
> it has already been verified that the peer holds the private key for
> the public key in the certificate the peer provides?

No you don't know that. What you know is that after the handshake is
completed successfully a certain proof of the peer holding the private
key has been received (e.g., the signature). That is, there are no
guarantees on when the function to verify the certificate will be


More information about the Gnutls-devel mailing list