On Nov 4, 2007 1:29 PM, Evan Martin <[EMAIL PROTECTED]> wrote:
> I'm trying to get a simple case of gnutls-serv and -cli communicating
> with an x509 cert, but it's failing.

For future readers of the list: I figured this out. I think my problem was a combination of the wrong cert settings and not using DH params. I've amended my notes below.

> Following the examples in the "invoking certtool" section of the
> manual, I created a private key and cert:
> $ certtool --generate-privkey --outfile priv
> $ head -1 priv
> -----BEGIN RSA PRIVATE KEY-----
> $ certtool --generate-self-signed --load-privkey priv --outfile cert

You can just hit enter (answering "no") to every question except the cert lifetime (how many days) as well as "Will the certificate be used for signing (required for TLS)? (Y/N)", to which you obviously answer yes.

> $ head -1 cert
> -----BEGIN CERTIFICATE-----

This is now enough to make communication work if you use those files with "openssl s_server". However, for gnutls-serv, you also need Diffie-Hellman params. You can either generate those with "certtool --generate-dh-params" and load them with "gnutls-serv --dhparams", or just run gnutls-serv with "--generate" to generate them.

> In case it matters:
> $ dpkg -s gnutls-bin | grep Version
> Version: 1.6.3-1build1
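
The steps from the message above as a non-interactive script. This is an added example, not part of the original post. It replaces the interactive prompts with a certtool template. The file names (priv, cert, dh.pem, cert.tmpl), the CN, the 365-day lifetime and the port are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the key, cert and DH-params steps above.
# All file names, the CN, the lifetime and the port are illustrative.

write_template() {
    # Template answers for the two prompts the message says matter:
    # the certificate lifetime and "used for signing (required for TLS)".
    # Every other prompt is left at its default ("no").
    cat > "$1" <<'EOF'
cn = "localhost"
expiration_days = 365
signing_key
EOF
}

make_test_credentials() {
    dir=$1
    command -v certtool >/dev/null 2>&1 || {
        echo "certtool not found" >&2
        return 127
    }
    write_template "$dir/cert.tmpl" || return 1
    # Create the private key with owner-only permissions.
    ( umask 077; certtool --generate-privkey --outfile "$dir/priv" ) || return 1
    certtool --generate-self-signed --load-privkey "$dir/priv" \
        --template "$dir/cert.tmpl" --outfile "$dir/cert" || return 1
    # gnutls-serv needs DH params; generate them once and reuse the file.
    certtool --generate-dh-params --outfile "$dir/dh.pem" || return 1
    # Same sanity check as in the message: the output must be a PEM cert.
    head -1 "$dir/cert" | grep -q 'BEGIN CERTIFICATE'
}

serve_cmd() {
    # Print (not run) the server invocation that loads all three files.
    # $1 = directory holding priv, cert and dh.pem; $2 = port.
    printf 'gnutls-serv --port %s --x509keyfile %s/priv --x509certfile %s/cert --dhparams %s/dh.pem\n' \
        "$2" "$1" "$1" "$1"
}
```

Source the file, run `make_test_credentials` on an empty directory, then run the command printed by `serve_cmd` for that directory and a free port.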
