Hi. I'm new to GnuTLS. I'm using it for a client-server library and I have a fairly basic question.
When my server is configured to require X.509 client certificates, and the client either fails to send one, or sends an invalid one, the server detects this error during its gnutls_handshake() and I have the server break off the connection, as desired. The client's gnutls_handshake(), upon server break-off, is returning either GNUTLS_E_PUSH_ERROR or GNUTLS_E_UNEXPECTED_PACKET_LENGTH.

The server situation is similar: if the client detects an invalid server certificate, I have the client break off the connection. The server then sees GNUTLS_E_UNEXPECTED_PACKET_LENGTH in its (first) gnutls_record_recv().

Is there something more I need to do in order to close the communication down more "gracefully" in situations where certificate failures are seen? Just seems odd to be handling GNUTLS_E_PUSH_ERROR or GNUTLS_E_UNEXPECTED_PACKET_LENGTH "normally" when the other side doesn't like the certificate.

I'm using GnuTLS 1.4.4 for the moment.

Thanks.

Phil
Help-gnutls mailing list
http://lists.gnu.org/mailman/listinfo/help-gnutls
