[gnutls-devel] gnutls_certificate_verify_peers* question

Jaak Ristioja jaak.ristioja at cyber.ee
Thu Feb 21 10:02:38 CET 2013

On 20.02.2013 18:24, Nikos Mavrogiannopoulos wrote:
> On 02/19/2013 02:49 PM, Jaak Ristioja wrote:
>>> Hello, For simplicity I'll focus on the signing ciphersuites. In
>>> that case, during the handshake you receive a message from the peer
>>> that contains handshake parameters (it is the random nonces and DH
>>> params in server side) that are signed. This message is verified in
>>> gnutls_handshake() directly (i.e. you have no say on that). If that
>>> succeeds the callback takes control and verifies whether the
>>> parameters (i.e. the certificate) used in the previous signature
>>> verification are acceptable.
>> Do I understand it correctly, that once the callback (set using 
>> gnutls_certificate_set_verify_function) is called during handshake,
>> it has already been verified that the peer holds the private key for
>> the public key in the certificate the peer provides?
> No, you don't know that. What you know is that after the handshake is
> completed successfully a certain proof of the peer holding the private
> key has been received (e.g., the signature). That is, there are no
> guarantees on when the function to verify the certificate will be
> called.

Thank you, this clarifies it.

Best regards,
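
The distinction drawn in the reply above, as an added illustration that is not part of the original thread and is not GnuTLS code: a self-contained C model of an application that records the certificate callback's verdict but exposes the peer identity only once the handshake has completed. The event names, `struct peer_state`, `hs_feed`, `peer_identity`, `run` and the sample subject are all hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed model, not GnuTLS code: every name here is hypothetical. */
enum hs_event { EV_CERT_ACCEPTED, EV_CERT_REJECTED, EV_SIG_VALID, EV_SIG_INVALID, EV_DONE };

struct peer_state {
    const char *pending_id; /* set by the certificate callback, not yet trusted */
    int cert_ok;            /* callback accepted the certificate */
    int sig_ok;             /* proof of private-key possession was checked */
    int failed;             /* any check failed: the handshake aborts */
    int complete;           /* the handshake call returned success */
};

/* Feed one handshake event; the order of the two checks is not assumed. */
static void hs_feed(struct peer_state *p, enum hs_event ev, const char *id)
{
    if (p->failed || p->complete) return;
    switch (ev) {
    case EV_CERT_ACCEPTED: p->cert_ok = 1; p->pending_id = id; break;
    case EV_SIG_VALID:     p->sig_ok = 1; break;
    case EV_CERT_REJECTED:
    case EV_SIG_INVALID:   p->failed = 1; break;
    case EV_DONE:          /* success needs both checks, in either order */
        if (p->cert_ok && p->sig_ok) p->complete = 1; else p->failed = 1;
        break;
    }
}

/* The only accessor the application uses for authorization decisions. */
static const char *peer_identity(const struct peer_state *p)
{
    return (p->complete && !p->failed) ? p->pending_id : NULL;
}

/* Run a constructed event sequence; return the usable identity or NULL. */
static const char *run(const enum hs_event *evs, size_t n)
{
    struct peer_state p = {0};
    for (size_t i = 0; i < n; i++)
        hs_feed(&p, evs[i], "CN=client.example"); /* constructed subject */
    return peer_identity(&p);
}

int main(void)
{
    enum hs_event early[] = { EV_CERT_ACCEPTED };
    enum hs_event full[] = { EV_SIG_VALID, EV_CERT_ACCEPTED, EV_DONE };
    printf("callback only: %s\n", run(early, 1) ? "usable" : "withheld");
    printf("handshake done: %s\n", run(full, 3) ? "usable" : "withheld");
    return 0;
}
```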
