* Nikos Mavrogiannopoulos:

> Florian Weimer wrote:
>> * Nikos Mavrogiannopoulos:
>>
>>> After or during the handshake (with a callback that I don't remember
>>> its name) you should verify the certificate chain received by peer.
>>> For that you can use gnutls_certificate_verify_peers2(). Could you
>>> suggest the points in documentation that were not clear for you, so we
>>> can correct them? The problem when I read the documentation is that I
>>> know everything :) that needs to be done thus such things are easy to
>>> miss.
>> gnutls_certificate_set_x509_key, gnutls_certificate_set_x509_key_mem,
>> gnutls_certificate_set_x509_key_file should mention that they are only
>> relevant to the server side, and that on the client side,
>> gnutls_certificate_client_set_retrieve_function has to be used to
>> install a callback which provides the certificate to send to the
>> server.
>
> Hi,
> Actually those functions you mention are valid for both client and
> server side. The callback is optional and suitable for the case where
> you might not initially know which certificate to load.

But if I don't use the callback, the client does not actually send the
certificate, so I'm now totally confused. 8-)

-- 
Florian Weimer                <[email protected]>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
