> This may seem like a dumb question, but are you calling
> gnutls_certificate_allocate_credentials() properly?
>
> Not sure it will help, but here is a functioning async certificate
> (client+server) implementation that I wrote some time ago that may provide
> some clues:
> https://svn.enlightenment.org/svn/e/trunk/ecore/src/lib/ecore_con/ecore_con_ssl.c
>
> --
> Mike Blumenkrantz
> Zentific: Doctor recommended, mother approved.
>
Thanks for the suggestions. I've checked all that. So I'm beginning to think
that I have actually generated all the PEM stuff incorrectly. Here's the code
(I suppose there's something stupid there):

# CA
certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem --template ca.cfg

# Server cert
certtool --generate-privkey --outfile server-key.pem
certtool --generate-request --load-privkey server-key.pem --outfile server-request.pem --template server.cfg
certtool --generate-certificate --load-request server-request.pem --outfile server-cert.pem --load-ca-certificate ca-cert.pem \
    --load-ca-privkey ca-key.pem --template ca-server.cfg

# Client cert
certtool --generate-privkey --outfile client-key.pem
certtool --generate-request --load-privkey client-key.pem --outfile client-request.pem --template client.cfg
certtool --generate-certificate --load-request client-request.pem --outfile client-cert.pem --load-ca-certificate server-cert.pem \
    --load-ca-privkey server-key.pem --template sv-client.cfg

Yet I still don't understand how a client certificate is distinguished from a
server certificate (at least in non-www cases where no "tls_www_client" and
"tls_www_server" entries are used in templates).

Say the CA signed a server certificate. If the server certificate has
authority to sign certificates, then the server can sign client certificates.
But why then can't client certificates be used as a server certificate?

And also, which trust file has to be used by
'gnutls_certificate_set_x509_trust_file ()' on the client side, and which one
on the server?

Best regards,
Neurofog
