Cool! That's clear. In the gnutls-cli command I can't find how to send a certificate. Which option should be used for that?

On Mon, Apr 20, 2015 at 01:11:24PM +0200, Nikos Mavrogiannopoulos wrote:
> On Mon, Apr 20, 2015 at 1:18 PM, <[email protected]> wrote:
> > Hmm, I see I didn't put the last working CRL generate command there, this is
> > what I did yesterday,
> >
> > certtool --generate-crl --load-ca-privkey=ca-key.pem \
> > --load-ca-certificate=ca-cert.pem \
> > --load-certificate lrc-ldap_client.gnutls.crt \
> > --outfile=crl.pem
>
> So lrc-ldap_client.gnutls.crt should be revoked, right?
> > Correct.
>
> > * Accepted connection from IPv4 10.50.2.12 port 48559 on Mon Apr 20
> > 13:06:31 2015
> > - Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
> > - Session ID:
> > 13:74:51:E3:69:B6:CB:02:07:38:A1:A8:40:42:00:70:BF:A4:98:C4:BC:D7:FE:F8:D4:7E:B0:86:A7:8F:ED:23
> > - Given server name[1]: lrc-ldap
> > No certificates found!
> > - Ephemeral EC Diffie-Hellman parameters
> > - Using curve: SECP192R1
> > - Curve size: 192 bits
> > - Version: TLS1.2
> > - Key Exchange: ECDHE-RSA
> > - Server Signature: RSA-SHA256
> > - Cipher: AES-128-GCM
> > - MAC: AEAD
> > - Compression: NULL
> > - Channel binding 'tls-unique': 17480355da49f20e21775f7c
> > It's interesting that the server now says 'No certificates found!' I don't
> > know if this has something to do with the revocation.
> > But still I'm able to write data to the server which is received.
>
> That message means that the client didn't send any certificates. Use
> "-r" on gnutls-serv to force the client to send its certificate.
>
> regards,
> Nikos
>
> _______________________________________________
> Gnutls-help mailing list
> [email protected]
> http://lists.gnupg.org/mailman/listinfo/gnutls-help
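
Added example, not part of the original thread: a small Python check over gnutls-serv output that lists the connections where "No certificates found!" appeared, meaning the client sent no certificate and revocation could not have been tested on that connection. The sample log is constructed from the session quoted above (the second session is made up), and treating the absence of that message as "certificate sent" is an assumption.

```python
import re

# Constructed sample of gnutls-serv output: the first session mirrors the one
# quoted in the thread, the second is a made-up session without the marker.
SAMPLE_LOG = """\
* Accepted connection from IPv4 10.50.2.12 port 48559 on Mon Apr 20 13:06:31 2015
- Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
- Given server name[1]: lrc-ldap
No certificates found!
- Version: TLS1.2
* Accepted connection from IPv4 10.50.2.13 port 48601 on Mon Apr 20 13:20:02 2015
- Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
- Version: TLS1.2
"""

ACCEPT_RE = re.compile(r"^\* Accepted connection from (\S+) (\S+) port (\d+) on (.+)$")
NO_CERT_MARKER = "No certificates found!"


def parse_sessions(log_text):
    """Split gnutls-serv output into one dict per accepted connection."""
    sessions = []
    current = None
    for raw in log_text.splitlines():
        # Tolerate mail-quoted logs by dropping leading "> " prefixes.
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        m = ACCEPT_RE.match(line)
        if m:
            # Assumption: a session without the marker did present a certificate.
            current = {"family": m.group(1), "peer": m.group(2),
                       "port": int(m.group(3)), "when": m.group(4),
                       "client_cert_sent": True, "description": None}
            sessions.append(current)
        elif current is None:
            continue  # preamble before the first connection
        elif line == NO_CERT_MARKER:
            current["client_cert_sent"] = False
        elif line.startswith("- Description:"):
            current["description"] = line.split(":", 1)[1].strip()
    return sessions


def unauthenticated_sessions(log_text):
    """Sessions where the client sent no certificate, so no CRL check applied."""
    return [s for s in parse_sessions(log_text) if not s["client_cert_sent"]]


if __name__ == "__main__":
    for s in unauthenticated_sessions(SAMPLE_LOG):
        print(f"{s['peer']}:{s['port']} at {s['when']}: no client certificate presented")
```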
