Hi Anil--

On Fri 2015-06-05 01:33:00 -0400, Anil Kumar wrote:
> I am using same key file and certificate file for both server and client.

why? what are you expecting to gain from this configuration? If client
and server can share secret key material, you might decide to use a
different handshake mode entirely, like PSK.

> Is this fine ? or I have to generate separate files for client and server ?

It's generally good practice to ensure that secret key material is
limited to the machines that truly need it.

> I am generating the file using certtool binary.
>
> My handshake process is success, but in wireshark capture I can only see
> the server certificate.

In TLS, the client will never send a certificate unless the server asks
for one.

> I have set the required API's at both the ends to verify the certificate,
> but still I am not seeing the client certificate being exchanged.

what APIs have you invoked? when does your program invoke them? being
specific will help.

In particular, have you invoked gnutls_certificate_server_set_request()
on the server side before the handshake is underway?

http://gnutls.org/manual/gnutls.html#gnutls_005fcertificate_005fserver_005fset_005frequest

--dkg
