[email protected] writes:

> Hello,
>
> I need to use X.509 certificates for authentication/authorization in an
> application and I've been working through the examples in the GNUTLS
> manual.
>
> I'm new to GNUTLS (and network programming), so please excuse me if my
> questions are naive.
>
> I've been using and modifying the programs
> "7.3.2 Simple Client Example with X.509 Certificate Support"
> and
> "7.4.2 Echo Server with X.509 Authentication II".
>
> I've been trying to use the function `verify_certificate_chain' (defined
> in `ex-verify.c') instead of `verify_certificate' (defined in
> `ex-rfc2818.c'), but I can't seem to get it to work.
>
> I have two certificates that I want the client to send to the server. In
> the client, I call `gnutls_certificate_set_x509_key_file' twice, once for
> each certificate/key pair. However, in the server,
> `gnutls_certificate_get_peers' sets the `*LIST_SIZE' to 1, i.e., it only
> finds one certificate.
>
> I've tried various things to get it to work, but with no success. I must
> be overlooking something, but I don't know what it could be.

The TLS protocol only allows clients to send one X.509 certificate to the
server. I suspect that if you need to send two client certificates,
something is wrong with your architecture.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
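
Added example, not part of the original thread or the GnuTLS manual: a small C parser for the body of a TLS 1.2 Certificate handshake message (RFC 5246, section 7.4.2), which carries a single certificate_list with the sender's certificate first and its issuers after it, so an entry count above 1 means a longer chain rather than a second identity. The function name `count_chain_entries` and the sample bytes are constructed for illustration; the entries are placeholder bytes, not real certificates.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: certificate_list with two entries (placeholder bytes,
 * not real DER certificates). Entry 0 is the sender's own certificate. */
static const uint8_t sample_chain[] = {
    0x00, 0x00, 0x0c,                           /* list length = 12 */
    0x00, 0x00, 0x04, 0x30, 0x02, 0x05, 0x00,   /* entry 0: 4 bytes */
    0x00, 0x00, 0x02, 0x30, 0x00                /* entry 1: 2 bytes */
};

/* Lengths in this message are 24-bit big-endian prefixes. */
static size_t read_u24(const uint8_t *p)
{
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | (size_t)p[2];
}

/* Returns the number of entries in the list, or -1 if the framing is
 * malformed. On success with at least one entry, *leaf_off and *leaf_len
 * locate the first entry, the only one that identifies the sender. */
int count_chain_entries(const uint8_t *body, size_t body_len,
                        size_t *leaf_off, size_t *leaf_len)
{
    if (body_len < 3 || read_u24(body) != body_len - 3)
        return -1;                      /* outer length must match exactly */
    size_t pos = 3;
    int n = 0;
    while (pos < body_len) {
        if (body_len - pos < 3)
            return -1;                  /* truncated entry length */
        size_t cert_len = read_u24(body + pos);
        pos += 3;
        if (cert_len == 0 || cert_len > body_len - pos)
            return -1;                  /* empty or overlong entry */
        if (n == 0) { *leaf_off = pos; *leaf_len = cert_len; }
        pos += cert_len;
        n++;
    }
    return n;
}

int main(void)
{
    size_t off = 0, len = 0;
    int n = count_chain_entries(sample_chain, sizeof sample_chain, &off, &len);
    printf("entries=%d, leaf at offset %zu, %zu bytes\n", n, off, len);
    return n == 2 ? 0 : 1;
}
```

An empty list (three zero bytes) parses to 0 entries, which is what a TLS 1.2 client sends when it has no suitable certificate.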
