[Help-gnutls] Re: Using the gnutls_sign_callback_set method
Simon Josefsson
simon at josefsson.org
Mon May 18 11:52:53 CEST 2009
<Tobias.Soder at swisscom.com> writes:
> Hi everybody
>
> We're trying to get gnutls to work with a cryptographic
> token. Therefore I've had a look at the gnutls_sign_callback_set
> method. What I don't understand is: At which point is the method
> called that I'm passing to gnutls_sign_callback_set?
During the call to gnutls_handshake.
See the self-test tests/x509signself.c, it forks a server and client
that talk to each other using the sign callback, without any private
key being available elsewhere in the code.
> I've tried it out by doing this:
...
> gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);
I think this is your problem, you need to set a NULL keyfile. Otherwise
you supply the library with a private key, so it will use that instead
of invoking the callback. From the x509signself.c code:
gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
GNUTLS_X509_FMT_PEM);
I think the example looks fine otherwise, although I didn't try to run
it.
/Simon