On 09/20/2013 05:35 PM, Jonathan Roudiere wrote:
> Hello everyone,
>
> I'm porting some software from OpenSSL to GnuTLS. After having read the
> (great!) GnuTLS documentation I still have a couple of questions.
>
> - Is there a way to retrieve certificates or pkey from a credential struct?
> (a bit like gnutls_certificate_get_ours but for a
> certificate_credentials structure).

Unfortunately no. This was intentional to allow rewrites of the internals of
the certificate credentials structure.

> - In the case where I set a certificate and a key (through
> gnutls_certificate_set_x509_key*)
> in a credential struct, is there a function/way to add certificates to
> provide them with the first
> certificate (to build a chain)?

I don't quite understand the question. You mean if you provide an incomplete
chain whether you can fill it in later? If that is the question, that isn't
possible.

> - With DH, is a new key generated for every new SSL session, or
> only once for the
> current cred and parameter pair? In the latter case, can I
> change/control this behavior?

A new key is generated on every session to maintain the perfect forward
secrecy requirements. You cannot change that, but why would you want to do it
differently? If performance is an issue then you could use specially crafted
groups (as generated by certtool) that use a prime of a certain type that
allows for keys of smaller size (and thus much faster exponentiation).

regards,
Nikos
