[Help-gnutls] Peer certificates not signed by any CA
Florian Weimer
fweimer at bfk.de
Tue Jun 13 16:28:35 CEST 2006
On Tue, Jun 13, 2006 at 02:51:34PM +0200, fweimer wrote:
> > In that case if you would like to send the client certificate anyway,
> > you should use the callback function (don't remember the name right
> > now).
>
> Will try and report.

gnutls_certificate_client_get_request_status still returns 0 on the
client side, but it seems that this time, a certificate is actually
transmitted in a way the server can handle it.

May I assume that the first certificate returned by
gnutls_certificate_get_peers contains public key material which actually
corresponds to the private key material which was used to establish the
session?

By the way, gnutls_certificate_client_set_retrieve_function is not a
well-designed interface. The callback function lacks a closure
parameter. Even worse, it is hard to fake it because
gnutls_certificate_client_set_retrieve_function is called with a
credentials structure, and the callback is called with a session
structure. Extremely annoying.

--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Durlacher Allee 47 tel: +49-721-96201-1
D-76131 Karlsruhe fax: +49-721-96201-99