Hi,
Simon Josefsson <[EMAIL PROTECTED]> writes:
> Also, creating examples and a self test for the OpenPGP stuff would be
> useful. Have you managed to get it to work at all?
It took me a while, but I finally found why `gnutls-serv' wouldn't do
the job as expected (I knew it should work because I have small
client/server of my own that do work).
First, the patch below must be applied to `serv.c'. Then, actual DH
and/or RSA parameters must be provided or generated for the server. So
we end up with a command-line like this for the server:
$ ./gnutls-serv --dhparams tls-dh-params \
--ctypes openpgp --pgpcertfile pub.asc \
--pgpkeyfile sec.asc
And for the client:
$ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
--pgpkeyfile sec.asc -p 5556 localhost
And it works like a charm, even with `--require-cert' passed to the
server.
Can you confirm?
Thanks,
Ludovic.
--- orig/src/serv.c
+++ mod/src/serv.c
@@ -821,9 +821,8 @@
}
gnutls_certificate_set_params_function (cert_cred, get_params);
-/* gnutls_certificate_set_dh_params(cert_cred, dh_params);
- * gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
- */
+ gnutls_certificate_set_dh_params(cert_cred, dh_params);
+ gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
/* this is a password file (created with the included srpcrypt utility)
* Read README.crypt prior to using SRP.
_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
