From jonetsu at teksavvy.com Tue Aug 9 00:12:32 2016
From: jonetsu at teksavvy.com (jonetsu)
Date: Mon, 08 Aug 2016 18:12:32 -0400
Subject: [gnutls-help] Intermediate CAs
Message-ID: <3d9169bb985447e24bd41f2869bd49fa@teksavvy.com>

Hello,

Is there an example or two around on how to handle intermediate CAs
using GnuTLS ?

Thanks.

From nmav at gnutls.org Tue Aug 9 07:40:20 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 09 Aug 2016 07:40:20 +0200
Subject: [gnutls-help] gnutls 3.5.3
Message-ID: <1470721220.14429.2.camel@gnutls.org>

Hello,
 I've just released gnutls 3.5.3. This is a minor enhancements and
bugfix release for the 3.5.x branch.

* Version 3.5.3 (released 2016-08-09)

** libgnutls: Added support for TCP fast open (RFC7413), allowing
   to reduce by one round-trip the handshake process. Based on proposal
   and patch by Tim Ruehsen.

** libgnutls: Adopted a simpler with less memory requirements DTLS
   sliding window implementation. Based on Fridolin Pokorny's
   implementation for AF_KTLS.

** libgnutls: Use getrandom where available via the syscall interface.
   This works around an issue of not-using getrandom even if it exists
   since glibc doesn't declare such function.

** libgnutls: Fixed DNS name constraints checking in the case of empty
   intersection of domain names in the chain. Report and fix by Martin
   Ukrop.

** libgnutls: Fixed name constraints checking in the case of chains
   where the higher level certificates contained different types of
   constraints than the ones present in the lower intermediate CAs.
   Report and fix by Martin Ukrop.

** libgnutls: Dropped support for the EGD random generator.

** libgnutls: Allow the decoding of raw elements (starting with #)
   in RFC4514 DN string decoding.

** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was
   ignoring flags if all certificates in the list fit within the
   initially allocated memory. Patch by Tim Kosse.

** libgnutls: Corrected issue which made
   gnutls_certificate_get_x509_crt() to return invalid pointers when
   returned more than a single certificate. Report and fix by Stefan
   Sørensen.

** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the
   complete chain, even when the extra_certs was non-null. Report and
   fix by Stefan Sørensen.

** certtool: Added the "add_extension" and "add_critical_extension"
   template options. This allows specifying arbitrary extensions into
   certificates and certificate requests.

** gnutls-cli: Added the --fastopen option.

** API and ABI modifications:
GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added
gnutls_x509_crq_set_extension_by_oid: Added
gnutls_x509_dn_set_str: Added
gnutls_transport_set_fastopen: Added


Getting the Software
====================

GnuTLS may be downloaded directly from . A list of GnuTLS mirrors can
be found at .

Here are the XZ compressed sources:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.3.tar.xz

Here are OpenPGP detached signatures signed using key 0x96865171:

  ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.3.tar.xz.sig

Note that it has been signed with my openpgp key:

pub   3104R/96865171 2008-05-04 [expires: 2028-04-29]
uid                  Nikos Mavrogiannopoulos gnutls.org>
uid                  Nikos Mavrogiannopoulos gmail.com>
sub   2048R/9013B842 2008-05-04 [expires: 2018-05-02]
sub   2048R/1404A91D 2008-05-04 [expires: 2018-05-02]

regards,
Nikos

From gkdbwl at hanmail.net Tue Aug 9 08:23:06 2016
From: gkdbwl at hanmail.net (TMYJ)
Date: Tue, 09 Aug 2016 15:23:06 +0900 (KST)
Subject: [gnutls-help] handshake error
Message-ID: <20160809152306.HM.b0000000008eUGa@gkdbwl.wwl1707.hanmail.net>

An HTML attachment was scrubbed...

From onkurganguly at gmail.com Tue Aug 9 09:31:59 2016
From: onkurganguly at gmail.com (Onkurananda Ganguly)
Date: Tue, 9 Aug 2016 13:01:59 +0530
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
Message-ID:

Hi Gnutls team,

I am using CentOS7.1 and my Gnutls versions are:

gnutls-dane-3.3.8-14.el7_2.x86_64
gnutls-utils-3.3.8-14.el7_2.x86_64
gnutls-3.3.8-14.el7_2.x86_64
gnutls-devel-3.3.8-14.el7_2.x86_64
gnutls-c++-3.3.8-14.el7_2.x86_64

Whenever I tried to connect a Windows IIS8 server I am getting below
error----

- Key Exchange: RSA
- Protocol: TLS1.2
- Certificate Type: X.509
- Compression: NULL
- Cipher: AES-128-CBC
- MAC: SHA256
Note: SSL paramaters may change as new connections are established to the server.
/usr/bin/httpfs2-ssl: main: closing socket.
/usr/bin/httpfs2-ssl: main: closing SSL socket.
/usr/bin/httpfs2-ssl: main: initializing SSL socket.
/usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the peer..
/usr/bin/httpfs2-ssl: main: exchange: failed receving reply from server: 5 Input/output error.

I tried to disable DH, RC4 algorithm but no issue. It is still giving me
the error.

Any help will be appreciated.

Thanks,
Onkurananda Ganguly

From nmav at gnutls.org Tue Aug 9 10:12:31 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 9 Aug 2016 10:12:31 +0200
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

On Tue, Aug 9, 2016 at 9:31 AM, Onkurananda Ganguly wrote:
> Hi Gnutls team,
> Whenever I tried to connect a Windows IIS8 server I am getting below
> error----
> - Key Exchange: RSA
> - Protocol: TLS1.2
> - Certificate Type: X.509
> - Compression: NULL
> - Cipher: AES-128-CBC
> - MAC: SHA256
> Note: SSL paramaters may change as new connections are established to the
> server.
> /usr/bin/httpfs2-ssl: main: closing socket.
> /usr/bin/httpfs2-ssl: main: closing SSL socket.
> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
> peer..

The server requested a rehandshake but the client (httpfs2-ssl) you
are using didn't handle it. You'd better report it to that tool.

regards,
Nikos

From onkurganguly at gmail.com Tue Aug 9 10:39:44 2016
From: onkurganguly at gmail.com (Onkurananda Ganguly)
Date: Tue, 9 Aug 2016 14:09:44 +0530
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

I have already reported to them and below is the response:

This is obviously a SSL problem. The Windows server uses different SSL
settings which GnuTLS does not like. This is something you should
discuss with the GnuTLS packager for your distribution and/or GnuTLS
authors. httpfs uses the default SSL settings (this is not configurable
at the moment) and those probably disable rehandshake with
protocols/ciphers that cannot do rehandshake securely.

Thanks,
Ganguly

On Tue, Aug 9, 2016 at 1:42 PM, Nikos Mavrogiannopoulos wrote:

> On Tue, Aug 9, 2016 at 9:31 AM, Onkurananda Ganguly wrote:
> > Hi Gnutls team,
> > Whenever I tried to connect a Windows IIS8 server I am getting below
> > error----
> > - Key Exchange: RSA
> > - Protocol: TLS1.2
> > - Certificate Type: X.509
> > - Compression: NULL
> > - Cipher: AES-128-CBC
> > - MAC: SHA256
> > Note: SSL paramaters may change as new connections are established to the
> > server.
> > /usr/bin/httpfs2-ssl: main: closing socket.
> > /usr/bin/httpfs2-ssl: main: closing SSL socket.
> > /usr/bin/httpfs2-ssl: main: initializing SSL socket.
> > /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
> > peer..
>
> The server requested a rehandshake but the client (httpfs2-ssl) you
> are using didn't handle it. You'd better report it to that tool.
>
> regards,
> Nikos
>

From gkdbwl at hanmail.net Tue Aug 9 11:06:47 2016
From: gkdbwl at hanmail.net (TMYJ)
Date: Tue, 09 Aug 2016 18:06:47 +0900 (KST)
Subject: [gnutls-help] handshake error
Message-ID: <20160809180647.HM.b0000000008eUGg@gkdbwl.wwl1707.hanmail.net>

An HTML attachment was scrubbed...

From hramrach at gmail.com Tue Aug 9 11:17:25 2016
From: hramrach at gmail.com (Michal Suchanek)
Date: Tue, 9 Aug 2016 11:17:25 +0200
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

Hello,

On 9 August 2016 at 10:12, Nikos Mavrogiannopoulos wrote:
> On Tue, Aug 9, 2016 at 9:31 AM, Onkurananda Ganguly wrote:
>> Hi Gnutls team,
>> Whenever I tried to connect a Windows IIS8 server I am getting below
>> error----
>> - Key Exchange: RSA
>> - Protocol: TLS1.2
>> - Certificate Type: X.509
>> - Compression: NULL
>> - Cipher: AES-128-CBC
>> - MAC: SHA256
>> Note: SSL paramaters may change as new connections are established to the
>> server.
>> /usr/bin/httpfs2-ssl: main: closing socket.
>> /usr/bin/httpfs2-ssl: main: closing SSL socket.
>> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
>> peer..
>
> The server requested a rehandshake but the client (httpfs2-ssl) you
> are using didn't handle it. You'd better report it to that tool.

what is needed on the client's part to handle the rehandshake?
Does GnuTLS not handle rehandshake internally?

Thanks

Michal

From nmav at gnutls.org Tue Aug 9 11:58:27 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 9 Aug 2016 11:58:27 +0200
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek wrote:
>>> Hi Gnutls team,
>>> Whenever I tried to connect a Windows IIS8 server I am getting below
>>> error----
>>> - Key Exchange: RSA
>>> - Protocol: TLS1.2
>>> - Certificate Type: X.509
>>> - Compression: NULL
>>> - Cipher: AES-128-CBC
>>> - MAC: SHA256
>>> Note: SSL paramaters may change as new connections are established to the
>>> server.
>>> /usr/bin/httpfs2-ssl: main: closing socket.
>>> /usr/bin/httpfs2-ssl: main: closing SSL socket.
>>> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
>>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
>>> peer..
>>
>> The server requested a rehandshake but the client (httpfs2-ssl) you
>> are using didn't handle it. You'd better report it to that tool.
> what is needed on the client's part to handle the rehandshake?
> Does GnuTLS not handle rehandshake internally?

No. Rehandshake typically means re-authentication and the application
must handle this explicitly with gnutls (see [0]). By the time you
receive such a rehandshake request by the server you can either ignore
it (which the server may or may not like), or act on it by following
the instructions on [0]. Servers typically ask for rehandshake when
they want the connected user to reauthenticate using a client
certificate or so.

Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
errors from gnutls_record_recv() and gnutls_handshake().

regards,
Nikos

[0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html

From onkurganguly at gmail.com Tue Aug 9 12:53:59 2016
From: onkurganguly at gmail.com (Onkurananda Ganguly)
Date: Tue, 9 Aug 2016 16:23:59 +0530
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

Thanks for the info. I will make the necessary changes and try
connecting again.

If I ignore the re-handshake using gnutls_error_is_fatal() and ignore
non-fatal error, will I be able to connect to the server??

On Tue, Aug 9, 2016 at 3:28 PM, Nikos Mavrogiannopoulos wrote:

> On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek wrote:
> >>> Hi Gnutls team,
> >>> Whenever I tried to connect a Windows IIS8 server I am getting below
> >>> error----
> >>> - Key Exchange: RSA
> >>> - Protocol: TLS1.2
> >>> - Certificate Type: X.509
> >>> - Compression: NULL
> >>> - Cipher: AES-128-CBC
> >>> - MAC: SHA256
> >>> Note: SSL paramaters may change as new connections are established to the
> >>> server.
> >>> /usr/bin/httpfs2-ssl: main: closing socket.
> >>> /usr/bin/httpfs2-ssl: main: closing SSL socket.
> >>> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
> >>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
> >>> peer..
> >>
> >> The server requested a rehandshake but the client (httpfs2-ssl) you
> >> are using didn't handle it. You'd better report it to that tool.
> > what is needed on the client's part to handle the rehandshake?
> > Does GnuTLS not handle rehandshake internally?
>
> No. Rehandshake typically means re-authentication and the application
> must handle this explicitly with gnutls (see [0]). By the time you
> receive such a rehandshake request by the server you can either ignore
> it (which the server may or may not like), or act on it by following
> the instructions on [0]. Servers typically ask for rehandshake when
> they want the connected user to reauthenticate using a client
> certificate or so.
>
> Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
> errors from gnutls_record_recv() and gnutls_handshake().
>
> regards,
> Nikos
>
> [0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html
>

From hramrach at gmail.com Tue Aug 9 12:56:39 2016
From: hramrach at gmail.com (Michal Suchanek)
Date: Tue, 9 Aug 2016 12:56:39 +0200
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

On 9 August 2016 at 11:58, Nikos Mavrogiannopoulos wrote:
> On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek wrote:

>>> The server requested a rehandshake but the client (httpfs2-ssl) you
>>> are using didn't handle it. You'd better report it to that tool.
>> what is needed on the client's part to handle the rehandshake?
>> Does GnuTLS not handle rehandshake internally?
>
> No. Rehandshake typically means re-authentication and the application
> must handle this explicitly with gnutls (see [0]). By the time you
> receive such a rehandshake request by the server you can either ignore
> it (which the server may or may not like), or act on it by following
> the instructions on [0]. Servers typically ask for rehandshake when
> they want the connected user to reauthenticate using a client
> certificate or so.
>
> Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
> errors from gnutls_record_recv() and gnutls_handshake().

This explains the issue.

Thanks

Michal

From onkurganguly at gmail.com Tue Aug 9 13:11:26 2016
From: onkurganguly at gmail.com (Onkurananda Ganguly)
Date: Tue, 9 Aug 2016 16:41:26 +0530
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID:

Michal Suchanek, so I need change the client httpfs2-ssl according to
the resolution given.

On Tue, Aug 9, 2016 at 4:26 PM, Michal Suchanek wrote:

> On 9 August 2016 at 11:58, Nikos Mavrogiannopoulos wrote:
> > On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek wrote:
>
> >>> The server requested a rehandshake but the client (httpfs2-ssl) you
> >>> are using didn't handle it. You'd better report it to that tool.
> >> what is needed on the client's part to handle the rehandshake?
> >> Does GnuTLS not handle rehandshake internally?
> >
> > No. Rehandshake typically means re-authentication and the application
> > must handle this explicitly with gnutls (see [0]). By the time you
> > receive such a rehandshake request by the server you can either ignore
> > it (which the server may or may not like), or act on it by following
> > the instructions on [0]. Servers typically ask for rehandshake when
> > they want the connected user to reauthenticate using a client
> > certificate or so.
> >
> > Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
> > errors from gnutls_record_recv() and gnutls_handshake().
>
> This explains the issue.
>
> Thanks
>
> Michal
>

From alex at alex.org.uk Tue Aug 9 13:25:24 2016
From: alex at alex.org.uk (Alex Bligh)
Date: Tue, 9 Aug 2016 12:25:24 +0100
Subject: [gnutls-help] Unable to connect Windows IIS8, gives -37
In-Reply-To:
References:
Message-ID: <71796FEE-420A-45F4-909F-164CCF8A60D2@alex.org.uk>

> On 9 Aug 2016, at 12:11, Onkurananda Ganguly wrote:
>
> Michal Suchanek, so I need change the client httpfs2-ssl according to the resolution given.

Or stop the server requesting reauthentication.

Alex

>
>
> On Tue, Aug 9, 2016 at 4:26 PM, Michal Suchanek wrote:
> On 9 August 2016 at 11:58, Nikos Mavrogiannopoulos wrote:
> > On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek wrote:
>
> >>> The server requested a rehandshake but the client (httpfs2-ssl) you
> >>> are using didn't handle it. You'd better report it to that tool.
> >> what is needed on the client's part to handle the rehandshake?
> >> Does GnuTLS not handle rehandshake internally?
> >
> > No. Rehandshake typically means re-authentication and the application
> > must handle this explicitly with gnutls (see [0]). By the time you
> > receive such a rehandshake request by the server you can either ignore
> > it (which the server may or may not like), or act on it by following
> > the instructions on [0]. Servers typically ask for rehandshake when
> > they want the connected user to reauthenticate using a client
> > certificate or so.
> >
> > Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
> > errors from gnutls_record_recv() and gnutls_handshake().
>
> This explains the issue.
>
> Thanks
>
> Michal
>
> _______________________________________________
> Gnutls-help mailing list
> Gnutls-help at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-help

--
Alex Bligh

From jonetsu at teksavvy.com Wed Aug 10 01:59:01 2016
From: jonetsu at teksavvy.com (jonetsu at teksavvy.com)
Date: Tue, 9 Aug 2016 19:59:01 -0400
Subject: [gnutls-help] Periodic checking of local certificate
Message-ID: <20160809195901.2e206d8a@mevla>

Hello,

Are there any examples around about doing a periodic checking of local
certificates using GnuTLS ?

Comments, suggestions, much appreciated.

From haujin93 at gmail.com Wed Aug 10 08:50:56 2016
From: haujin93 at gmail.com (하유진)
Date: Wed, 10 Aug 2016 15:50:56 +0900
Subject: [gnutls-help] handshake
In-Reply-To:
References:
Message-ID:

Hello,

I'm trying to compile sample code.

When I execute ex-client-x509 & ex-serv-x509, It displays
the following message

*** Handshake failed
GnuTLS error: Error in the certificate.
The certificate is NOT trusted. The name in the
certificate does not match the expected.

I already copy ca.crt & key.pem to /usr/local/share/ca-certificates.
Also I check /etc/ssl/certs/ca-certificates
and there existed 'GnuTLS Test CA'

How can I make sure that the server's certificate was
issued by the CA that the client knows about the trust?

2016-08-09 23:05 GMT+09:00 하유진 :

> Hello,
>
> I'm trying to compile sample code.
>
> When I execute ex-client-x509 & ex-serv-x509, It displays
> the following message
>
> *** Handshake failed
> GnuTLS error: Error in the certificate.
> The certificate is NOT trusted. The name in the
> certificate does not match the expected.
>
> I already copy ca.crt & key.pem to /usr/local/share/ca-certificates.
> Also I check /etc/ssl/certs/ca-certificates
> and there existed 'GnuTLS Test CA'
>
> How can I make sure that the server's certificate was
> issued by the CA that the client knows about the trust?
>

From haujin93 at gmail.com Wed Aug 10 09:01:34 2016
From: haujin93 at gmail.com (하유진)
Date: Wed, 10 Aug 2016 16:01:34 +0900
Subject: [gnutls-help] handshake error
Message-ID:

Hello,

I'm trying to compile sample code.

When I execute ex-client-x509 & ex-serv-x509, It displays
the following message

*** Handshake failed
GnuTLS error: Error in the certificate.
The certificate is NOT trusted. The name in the
certificate does not match the expected.

I already copy ca.crt & key.pem to /usr/local/share/ca-certificates.
Also I check /etc/ssl/certs/ca-certificates
and there existed 'GnuTLS Test CA'

How can I make sure that the server's certificate was
issued by the CA that the client knows about the trust?

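
An added example for the "Unable to connect Windows IIS8, gives -37" thread above (not code from GnuTLS, httpfs2 or any poster): a receive loop that treats the rehandshake code as a request to either renegotiate or refuse with a warning alert, retries other non-fatal codes, and stops only on fatal ones. The tls_ops indirection, the fake session and the scripted results are constructed so that it builds without libgnutls; the numeric codes are assumed to match gnutls.h.

```c
#include <string.h>

/* Values mirrored from <gnutls/gnutls.h> so this builds without the library;
 * -37 is the code httpfs2-ssl printed in the thread. */
#define E_AGAIN       (-28) /* GNUTLS_E_AGAIN */
#define E_REHANDSHAKE (-37) /* GNUTLS_E_REHANDSHAKE */
#define E_INTERRUPTED (-52) /* GNUTLS_E_INTERRUPTED */

enum policy { REFUSE_WITH_ALERT, RENEGOTIATE };

/* Hypothetical indirection. A real client binds these to gnutls_record_recv(),
 * gnutls_handshake(), gnutls_alert_send(s, GNUTLS_AL_WARNING,
 * GNUTLS_A_NO_RENEGOTIATION) and gnutls_error_is_fatal(). */
struct tls_ops {
    long (*recv)(void *s, void *buf, size_t len);
    int (*handshake)(void *s);
    int (*refuse)(void *s);
    int (*is_fatal)(int err);
};

/* Read until EOF or a fatal error; returns byte count or the fatal code. */
long read_all(const struct tls_ops *ops, void *s, char *out, size_t cap, enum policy p) {
    size_t total = 0;
    while (total < cap) {
        long n = ops->recv(s, out + total, cap - total);
        if (n > 0) { total += (size_t)n; continue; }
        if (n == 0) break;                    /* peer closed cleanly */
        if (n == E_REHANDSHAKE) {             /* a request, not a failure */
            int rc;
            do {
                rc = (p == RENEGOTIATE) ? ops->handshake(s) : ops->refuse(s);
            } while (rc < 0 && !ops->is_fatal(rc));
            if (rc < 0) return rc;
            continue;
        }
        if (ops->is_fatal((int)n)) return n;  /* real failure: give up */
        /* E_AGAIN, E_INTERRUPTED, other non-fatal codes: retry the read */
    }
    return (long)total;
}

/* Constructed fake session that replays scripted recv() results. */
struct fake { const long *script; size_t pos; int handshakes, alerts; } last_run;

static long fake_recv(void *s, void *buf, size_t len) {
    struct fake *f = s;
    long r = f->script[f->pos++];
    if (r > (long)len) r = (long)len;
    if (r > 0) memset(buf, 'x', (size_t)r);
    return r;
}
static int fake_handshake(void *s) { ((struct fake *)s)->handshakes++; return 0; }
static int fake_refuse(void *s) { ((struct fake *)s)->alerts++; return 0; }
static int fake_fatal(int e) {
    return e != E_AGAIN && e != E_INTERRUPTED && e != E_REHANDSHAKE;
}

const long SCRIPT_OK[] = { 5, E_REHANDSHAKE, E_AGAIN, 7, 0 };
const long SCRIPT_BAD[] = { 5, -9 }; /* -9: GNUTLS_E_UNEXPECTED_PACKET_LENGTH, fatal */

long run_script(const long *script, enum policy p) {
    static const struct tls_ops ops = { fake_recv, fake_handshake, fake_refuse, fake_fatal };
    char buf[64];
    last_run = (struct fake){ script, 0, 0, 0 };
    return read_all(&ops, &last_run, buf, sizeof buf, p);
}

int main(void) { return run_script(SCRIPT_OK, RENEGOTIATE) == 12 ? 0 : 1; }
```

Choosing RENEGOTIATE means the session may be re-authenticated mid-stream, so a real client should re-run its certificate checks after the new handshake completes.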

From hk501jy at gmail.com Thu Aug 11 13:03:31 2016
From: hk501jy at gmail.com (Yujin Kim)
Date: Thu, 11 Aug 2016 20:03:31 +0900
Subject: [gnutls-help] Certificate verification error
Message-ID:

Hello,

I'm trying to compile sample code ex-client-x509 & ex-serv-x509.

But when I execute ex-client-x509 & ex-serv-x509, It displays
the following message

cert verify output: The certificate is NOT trusted. The name in the
certificate does not match the expected.
*** Handshake failed: Error in the certificate verification.

I already copy ca.crt & key.pem to /usr/local/share/ca-certificates.
Also I check /etc/ssl/certs/ca-certificates
and there existed 'GnuTLS Test CA'

How can I make sure that the server's certificate was
issued by the CA that the client knows about the trust?

Thanks.

From clopez43 at comcast.net Tue Aug 23 00:41:51 2016
From: clopez43 at comcast.net (caitin lopez)
Date: Mon, 22 Aug 2016 18:41:51 -0400
Subject: [gnutls-help] strange issue
Message-ID: <5b9372bf-b927-53af-c3bb-ad83b7c269e6@comcast.net>

System: opensuse 13.2 x64
16GB memory (8 core processor)
gcc (SUSE Linux) 4.8.3 20140627 [gcc-4_8-branch revision 212064]

I tried to use opencv (which uses gnutls) but keep failing with the
error above.

So I removed the openCV, the gnu tls from the system, get every library
which it depends and compile

when I try to compile I get this which is the same issue that I have
when compiling OpenCV

../lib/.libs/libgnutls.so: undefined reference to `p11_kit_uri_get_pin_value'
../lib/.libs/libgnutls.so: undefined reference to `asn1_decode_simple_ber@LIBTASN1_0_3'
../lib/.libs/libgnutls.so: undefined reference to `asn1_der_decoding2@LIBTASN1_0_3'
collect2: error: ld returned 1 exit status
Makefile:1832: recipe for target 'psktool' failed

any ideas (no blowing the computer accepted)

Thanks

From nomeryildiz at gmail.com Thu Aug 25 08:03:28 2016
From: nomeryildiz at gmail.com (Ömer YILDIZ)
Date: Thu, 25 Aug 2016 09:03:28 +0300
Subject: [gnutls-help] Fwd: Gnutls Smartcard Support in Windows
In-Reply-To:
References:
Message-ID:

Hi,

I would like to use gnutls with smart card. I can do this in GNU/Linux.
I can't compile gnutls with p11-kit in Windows. Does Gnutls support to
use smart card in Windows? How can I set TLS connection using
certificate inside smart card on windows?

Thanks,

From nmav at gnutls.org Fri Aug 26 09:32:11 2016
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Fri, 26 Aug 2016 09:32:11 +0200
Subject: [gnutls-help] Fwd: Gnutls Smartcard Support in Windows
In-Reply-To:
References:
Message-ID:

On Thu, Aug 25, 2016 at 8:03 AM, Ömer YILDIZ wrote:
> Hi,
>
> I would like to use gnutls with smart card. I can do this in GNU/Linux. I
> can't compile gnutls with p11-kit in Windows. Does Gnutls support to use
> smart card in Windows? How can I set TLS connection using certificate inside
> smart card on windows?

You could use PKCS#11 in windows as well with p11-kit, but it is less
common. Smart cards in windows typically have a driver that registers
its keys as CNG keys. You can use them with gnutls by specifying a
system URL:
https://www.gnutls.org/manual/html_node/Application_002dspecific-keys.html

regards,
Nikos