The client sends the certificate if the server requests a certificate signed with its CA. Does the server request such a certificate? (You can check with Wireshark, or you can print in the callback the DNs of the CAs that the server supports.)
regards,
Nikos

On Mon, Jun 21, 2010 at 9:06 AM, Florian Weimer <[email protected]> wrote:
> * Nikos Mavrogiannopoulos:
>
>> Florian Weimer wrote:
>>> * Nikos Mavrogiannopoulos:
>>>
>>>> After or during the handshake (with a callback that I don't remember
>>>> its name) you should verify the certificate chain received by peer.
>>>> For that you can use gnutls_certificate_verify_peers2(). Could you
>>>> suggest the points in documentation that were not clear for you, so we
>>>> can correct them? The problem when I read the documentation is that I
>>>> know everything :) that needs to be done thus such things are easy to
>>>> miss.
>>> gnutls_certificate_set_x509_key, gnutls_certificate_set_x509_key_mem,
>>> gnutls_certificate_set_x509_key_file should mention that they are only
>>> relevant to the server side, and that on the client side,
>>> gnutls_certificate_client_set_retrieve_function has to be used to
>>> install a callback which provides the certificate to send to the
>>> server.
>>
>> Hi,
>> Actually those functions you mention are valid for both client and
>> server side. The callback is optional and suitable for the case where
>> you might not initially know which certificate to load.
>
> But if I don't use the callback, the client does not actually send the
> certificate, so I'm now totally confused. 8-)
>
> --
> Florian Weimer <[email protected]>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
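
The selection rule from the top of this message, as an added example that is not part of the original e-mail and is not GnuTLS code: a small C model that walks the `certificate_authorities` list of a TLS 1.2 CertificateRequest and reports whether the client certificate's issuer DN is among the CAs the server named. The function name, the sample DNs and the exact DER byte comparison are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: DER for the DN "CN=CA<c>" (16 bytes each). */
#define DN(c) 0x30,0x0e,0x31,0x0c,0x30,0x0a,0x06,0x03,0x55,0x04,0x03, \
              0x0c,0x03,'C','A',(c)
static const uint8_t DN_CA2[] = { DN('2') };
static const uint8_t DN_CA3[] = { DN('3') };
/* certificate_authorities as sent by a hypothetical server: CA1 and CA2,
 * each entry prefixed with its 2-byte big-endian length. */
static const uint8_t SAMPLE_CAS[] = { 0x00,0x10, DN('1'), 0x00,0x10, DN('2') };

/* Returns 1 if the issuer DN is listed (or the list is empty),
 * 0 if it is not listed, -1 if the list is malformed. */
int issuer_requested(const uint8_t *cas, size_t cas_len,
                     const uint8_t *issuer, size_t issuer_len)
{
    size_t off = 0;

    if (cas_len == 0)
        return 1; /* RFC 5246 7.4.4: empty list, any certificate may be sent */

    while (off < cas_len) {
        size_t dn_len;

        if (cas_len - off < 2)
            return -1;                      /* truncated length field */
        dn_len = ((size_t)cas[off] << 8) | cas[off + 1];
        off += 2;
        if (dn_len == 0 || dn_len > cas_len - off)
            return -1;                      /* entry runs past the buffer */
        /* Assumption: DNs are compared as exact DER byte strings. */
        if (dn_len == issuer_len && memcmp(cas + off, issuer, dn_len) == 0)
            return 1;
        off += dn_len;
    }
    return 0;
}

int main(void)
{
    printf("issued by CA2: %d\n",
           issuer_requested(SAMPLE_CAS, sizeof SAMPLE_CAS, DN_CA2, sizeof DN_CA2));
    printf("issued by CA3: %d\n",
           issuer_requested(SAMPLE_CAS, sizeof SAMPLE_CAS, DN_CA3, sizeof DN_CA3));
    return 0;
}
```

A result of 0 for the client's issuer corresponds to the case discussed here: the key and certificate are loaded, but the server did not ask for a certificate from that CA.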
