On Mon, Apr 20, 2015 at 1:18 PM, <[email protected]> wrote:
> Hmm, I see I didn't put the last working CRL generate command there, this is
> what I did yesterday,
>
> certtool --generate-crl --load-ca-privkey=ca-key.pem \
> --load-ca-certificate=ca-cert.pem \
> --load-certificate lrc-ldap_client.gnutls.crt \
> --outfile=crl.pem
>
> So lrc-ldap_client.gnutls.crt should be revoked, right?

Correct.

> * Accepted connection from IPv4 10.50.2.12 port 48559 on Mon Apr 20 13:06:31
> 2015
> - Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
> - Session ID:
> 13:74:51:E3:69:B6:CB:02:07:38:A1:A8:40:42:00:70:BF:A4:98:C4:BC:D7:FE:F8:D4:7E:B0:86:A7:8F:ED:23
> - Given server name[1]: lrc-ldap
> No certificates found!
> - Ephemeral EC Diffie-Hellman parameters
> - Using curve: SECP192R1
> - Curve size: 192 bits
> - Version: TLS1.2
> - Key Exchange: ECDHE-RSA
> - Server Signature: RSA-SHA256
> - Cipher: AES-128-GCM
> - MAC: AEAD
> - Compression: NULL
> - Channel binding 'tls-unique': 17480355da49f20e21775f7c
> It's interesting that the server now says 'No certificates found!' I don't
> know if this has something to do with the revocation.
> But still I'm able to write data to the server which is received.

That message means that the client didn't send any certificates. Use
"-r" on gnutls-serv to force the client to send its certificate.

regards,
Nikos
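
Added example, not part of the original thread: a small Python check that splits gnutls-serv output of the kind quoted above into sessions and lists the ones that logged "No certificates found!", that is, connections where there was no client certificate to check against the CRL. The sample log is constructed from the format in the quoted output (the second session is made up), and the function and field names are this example's own.

```python
import re

# Constructed sample in the format quoted in the thread, with the '>' quoting
# removed and wrapped lines rejoined. The second session is made up and simply
# lacks the "No certificates found!" line; it is not captured tool output.
SAMPLE_LOG = """\
* Accepted connection from IPv4 10.50.2.12 port 48559 on Mon Apr 20 13:06:31 2015
- Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
- Given server name[1]: lrc-ldap
No certificates found!
- Version: TLS1.2
* Accepted connection from IPv4 10.50.2.13 port 48601 on Mon Apr 20 13:09:02 2015
- Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
- Given server name[1]: lrc-ldap
- Version: TLS1.2
"""

ACCEPT = re.compile(r"^\* Accepted connection from (\S+) (\S+) port (\d+) on (.+)$")
SNI = re.compile(r"^- Given server name\[\d+\]: (\S+)$")
NO_CERT = "No certificates found!"


def split_sessions(log_text):
    """Group log lines into one dict per accepted connection."""
    sessions = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ACCEPT.match(line)
        if m:
            # A new "* Accepted connection" line starts a new session record.
            sessions.append({"family": m.group(1), "peer": m.group(2),
                             "port": int(m.group(3)), "when": m.group(4),
                             "server_name": None, "no_cert_reported": False})
        elif sessions:
            sni = SNI.match(line)
            if sni:
                sessions[-1]["server_name"] = sni.group(1)
            elif line == NO_CERT:
                sessions[-1]["no_cert_reported"] = True
    return sessions


def sessions_without_client_cert(log_text):
    """Sessions in which the server reported that the client sent no certificate."""
    return [s for s in split_sessions(log_text) if s["no_cert_reported"]]


if __name__ == "__main__":
    for s in sessions_without_client_cert(SAMPLE_LOG):
        print(f"{s['when']}: {s['peer']}:{s['port']} -> {s['server_name']}: no client certificate")
```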
