Hi Nikos, >> - In case where I set a certificate and a key (through >> gnutls_certificate_set_x509_key*) >> in a credential struct there is a function/way to add certificates to >> provide them with the first >> certificate (to build chain) ? > > I don't quite understand the question. You mean if you provide an > incomplete chain whether you can fill it in later? If that is the > question, that isn't possible.
Yes, that's the question. ok ... >> - With dh is a new key is generated for every new ssl session ? or >> only once for the >> current cred and parameter pair ? In this latter case can I >> change/control this behavior ? > > A new key is generated on every session to maintain the perfect forward > secrecy requirements. You cannot change that, but why would you want to > do it differently? If performance is an issue then you could use > specially crafted groups (as generated by certtool) that use a prime of > a certain type that allows for keys of smaller size (and thus much > faster exponentiation). Ok, that's exactly the behavior I want, it was just to be sure. > regards, > Nikos > Thank you, Regards, Joe _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
