Hi, yes, you are right, it was my fault. My client certificate (self-signed) was not included in the list of trusted CAs in the master...
----- Original message -----
>
> As far as I understand from your description the client never sent a
> certificate even if you have configured it to send one. Is that
> correct?
>
> > On the client side, if I look at _gnutls_handshake_client, during
> > the same handshake, only STATE0 is executed. More, gnutls_handshake
> > function is executed only once. STATE7, responsible for sending the
> > client certificate, is never executed. Is it a normal situation to
> > see a TLS handshake with so few STATEs executed? Shouldn't STATE2
> > and STATE3 be caught?
>
> So I assume that there is a certificate configured. In that case is
> the authority of the certificate trusted by the server? In TLS, the
> server sends to the client its trusted authorities and the client
> replies with a certificate from that list. If its certificate is not
> from this trusted list gnutls will not send any (different versions
> may have different behavior - which one do you try with?).

OK, that's it! I have just re-re-read the gnutls doc and it is clearly written!
Thank you very much :)

Regards,

> You can check the actual conversation using wireshark, and see in the
> server's certificate request message the list of trusted authorities.
> If you see no certificate request message from the server, it means
> that the server is configured not to request a certificate from the
> client.
>
> regards,
> Nikos

--
Pascal Fautrero
DTIC - Mission TICE
CRDP de Versailles - 2 rue Pierre Bourdan - 78160 Marly-le-Roi
http://www.crdp.ac-versailles.fr/
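An added example (not from the thread and not GnuTLS code) of the check discussed above: it parses the trusted-authorities list out of a TLS 1.2 CertificateRequest, the message to inspect in Wireshark, and tests whether a client certificate's issuer is on it. The message bytes, CA names and function names are constructed for illustration, and exact DER comparison of names is a simplification.

```python
import struct

def tlv(tag: int, body: bytes) -> bytes:
    assert len(body) < 128          # short-form DER length is enough here
    return bytes([tag, len(body)]) + body

def der_name(cn: str) -> bytes:
    """Constructed DER X.501 Name holding a single commonName."""
    atv = tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn.encode()))
    return tlv(0x30, tlv(0x31, atv))

def certificate_request(ca_names) -> bytes:
    """Constructed TLS 1.2 CertificateRequest handshake message (type 13)."""
    types = bytes([1, 64])          # rsa_sign, ecdsa_sign
    sigalgs = bytes([4, 1, 4, 3])   # rsa_pkcs1_sha256, ecdsa_secp256r1_sha256
    cas = b"".join(struct.pack("!H", len(n)) + n for n in ca_names)
    body = (bytes([len(types)]) + types + struct.pack("!H", len(sigalgs))
            + sigalgs + struct.pack("!H", len(cas)) + cas)
    return bytes([13]) + len(body).to_bytes(3, "big") + body

def acceptable_cas(msg: bytes) -> list:
    """Extract the DER DistinguishedNames from a TLS 1.2 CertificateRequest."""
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest")
    body = msg[4:]
    if len(body) < 5 or len(body) != int.from_bytes(msg[1:4], "big"):
        raise ValueError("length mismatch")
    pos = 1 + body[0]                                      # certificate_types
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")    # signature algorithms
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if end != len(body):
        raise ValueError("malformed certificate_authorities")
    names = []
    while pos < end:
        n = int.from_bytes(body[pos:pos + 2], "big")
        if n == 0 or pos + 2 + n > end:
            raise ValueError("malformed DistinguishedName")
        names.append(body[pos + 2:pos + 2 + n])
        pos += 2 + n
    return names

def client_would_send(issuer_dn: bytes, msg: bytes) -> bool:
    """True if a certificate with this issuer matches the server's list."""
    cas = acceptable_cas(msg)
    # Empty list: RFC 5246 lets the client send any certificate of a listed type.
    return not cas or issuer_dn in cas
```

For a self-signed client certificate the issuer equals its own subject, so the server must list that certificate itself as a trusted authority before the check passes.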
