Hi, When X.509 authentication is used along with `GNUTLS_CERT_REQUIRE' on the server-side, the client apparently does not send its certificate as it should. Enabling debugging shows the following:
[7999|3] HSK[80aaee0]: CERTIFICATE was send [678 bytes] [8037|3] HSK[80aaee0]: CERTIFICATE was received [678 bytes] [7999|3] HSK[80aaee0]: CERTIFICATE REQUEST was send [9 bytes] [8037|3] HSK[80aaee0]: CERTIFICATE REQUEST was received [9 bytes] [8037|2] ASSERT: auth_cert.c:207 [7999|3] HSK[80aaee0]: SERVER HELLO DONE was send [4 bytes] [8037|3] HSK[80aaee0]: SERVER HELLO DONE was received [4 bytes] [8037|3] HSK[80aaee0]: CERTIFICATE was send [7 bytes] [8037|3] HSK[80aaee0]: CLIENT KEY EXCHANGE was send [134 bytes] [8037|3] REC[80aaee0]: Sent ChangeCipherSpec [8037|3] HSK[80aaee0]: Cipher Suite: RSA_NULL_MD5 [8037|3] HSK[80aaee0]: Initializing internal [write] cipher sessions [8037|3] HSK[80aaee0]: FINISHED was send [16 bytes] [7999|3] HSK[80aaee0]: CERTIFICATE was received [7 bytes] [7999|2] ASSERT: auth_cert.c:874 [7999|2] ASSERT: gnutls_handshake.c:2475 Here, 7999 is the server and 8037 is the client. Apparently, in `_gnutls_send_client_certificate ()', the client ends up calling `_gnutls_send_handshake ()' with DATA == NULL and DATA_SIZE == 0, hence the 7-byte "certificate" message. Any idea what's going wrong? Thanks, Ludovic. _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
