I got the code from one of those examples, and when arriving at the
gnutls_certificate_get_peers function I get a "No certificate was found" error.

    cert_list = gnutls_certificate_get_peers(trans->session, &cert_list_size);
    if (cert_list == NULL) {
        coap_log_error("No certificate was found!\n");
        return -1;
    }

The client goes through the following steps. I removed error control and extra
code for simplicity.

    ret = gnutls_global_init();
    ret = gnutls_certificate_allocate_credentials(&client->cred);
    ret = gnutls_certificate_set_x509_trust_file(client->cred, trust_file_name,
                                                 GNUTLS_X509_FMT_PEM);
    ret = gnutls_certificate_set_x509_crl_file(client->cred, crl_file_name,
                                               GNUTLS_X509_FMT_PEM);
    ret = gnutls_certificate_set_x509_key_file(client->cred, cert_file_name,
                                               key_file_name, GNUTLS_X509_FMT_PEM);
    ret = gnutls_priority_init(&client->priority, COAP_CLIENT_DTLS_PRIORITIES,
                               NULL);
    ret = gnutls_init(&client->session, GNUTLS_CLIENT | GNUTLS_DATAGRAM |
                                        GNUTLS_NONBLOCK);
    ret = gnutls_credentials_set(client->session, GNUTLS_CRD_CERTIFICATE,
                                 client->cred);
    ret = gnutls_priority_set(client->session, client->priority);
    gnutls_transport_set_ptr(client->session, client);
    gnutls_transport_set_pull_function(client->session,
                                       coap_client_dtls_pull_func);
    gnutls_transport_set_pull_timeout_function(client->session,
                                               coap_client_dtls_pull_timeout_func);
    gnutls_transport_set_push_function(client->session,
                                       coap_client_dtls_push_func);
    gnutls_dtls_set_mtu(client->session, COAP_CLIENT_DTLS_MTU);
    gnutls_dtls_set_timeouts(client->session, COAP_CLIENT_DTLS_RETRANS_TIMEOUT,
                             COAP_CLIENT_DTLS_TOTAL_TIMEOUT);
    ret = gnutls_handshake(client->session);

I have been checking against another client example in the manual and I cannot
see anywhere that I am doing things differently.
Any idea where my mistake is?
Thanks.
Jordi
-----Original Message-----
From: Gnutls-help [mailto:[email protected]] On behalf of
Nikos Mavrogiannopoulos
Sent: Monday, 16 January 2017 19:35
To: [email protected]
Subject: Re: [gnutls-help] Obtain CN from session certificate
On Mon, 2017-01-16 at 08:12 +0000, Jordi Blasi Uribarri wrote:
> Hi,
>
> I am trying to adapt some other developer's project and my
> understanding of the process is not complete. I have compiled and run
> the FreeCoap project that uses GNUTLS to establish a DTLS session to
> communicate between peers. At present, the code negotiates the keys
> using x.509 certificates and sends information correctly. The keys are
> generated with the following command:
> [...]
> What I want is to obtain in the code the information relative to the
> requester, this means, the cn, unit, and organization.
I'd suggest reading the manual. While extensive, it has quite a few examples.
You'll need to get the peer's certificate and parse it. For a start, check
gnutls_certificate_get_peers().
regards,
Nikos
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help