<[email protected]> writes:
> Hi everybody
>
> We're trying to get gnutls to work with a cryptographic
> token. Therefore I've had a look at the gnutls_sign_callback_set
> method. What I don't understand is: At which point is the method
> called that I'm passing to gnutls_sign_callback_set?

During the call to gnutls_handshake.

See the self-test tests/x509signself.c, it forks a server and client
that talk to each other using the sign callback, without any private
key being available elsewhere in the code.

> I've tried it out by doing this:
...
>
> gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

I think this is your problem, you need to set a NULL keyfile. Otherwise
you supply the library with a private key, so it will use that instead
of invoking the callback. From the x509signself.c code:

    gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
                                         GNUTLS_X509_FMT_PEM);

I think the example looks fine otherwise, although I didn't try to run
it.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls