* Nikos Mavrogiannopoulos:

>> May I assume that the first certificate returned by
>> gnutls_certificate_get_peers contains public key material which
>> actually corresponds to the private key material which was used to
>> establish the session?

> No. That would be the last certificate in the chain.

Ah, thanks.

>> By the way, gnutls_certificate_client_set_retrieve_function is not a
>> well-designed interface. The callback function lacks a closure
>> parameter.

> What do you mean by closure parameter?

Most libraries provide a void * argument which can be used to pass user
data to the callback function. For an example, see libpcap and pcap_loop.

>> Even worse, it is hard to fake it because
>> gnutls_certificate_client_set_retrieve_function is called with a
>> credentials structure, and the callback is called with a session
>> structure. Extremely annoying.

> But you want to know the session in the callback (to obtain information
> about the current session). The session is the caller of the callback.

I might also need a database handle to fetch data that is used to verify
the client certificate, or to locate the function that should be called.

Currently, I put the data I need into the transport data structure and
call gnutls_transport_get_ptr in the verification callback function, but
this is rather hackish.

It seems that gnutls_certificate_verify_peers2 sometimes returns 0 even
though no matching certificate chain has been provided. Shall we discuss
details on this mailing list or somewhere else?

-- 
Florian Weimer <[EMAIL PROTECTED]>
BFK edv-consulting GmbH http://www.bfk.de/
Durlacher Allee 47 tel: +49-721-96201-1
D-76131 Karlsruhe fax: +49-721-96201-99

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
