* Ivan Shmakov:

> Hence, the question is: is there a way to specify the local key
> pair and the remote public key to GnuTLS “directly”, just prior
> to connecting the remote?
I recommend using self-signed X.509 certificates; this way you can port your software to other crypto libraries. It is possible to override the certificate verification function and replace the PKI-based verification with something that performs a database lookup, for instance. You can use the subject DN or a hash to look up the certificate in the database, and perform a bit-wise comparison between the peer certificate and what is found in the database.

Make sure your certificates are valid X.509v3. GnuTLS is extremely forgiving, and if you've got a widely deployed certificate which cannot be used with Java (for instance), this can be annoying.

_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
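The "database lookup plus bit-wise comparison" verification described in the reply, as an added example that is not code from the thread or from the GnuTLS project. The pin store is a small in-memory table keyed by subject DN (a real deployment would back it with whatever database holds the expected peer certificates); the sample DER bytes are constructed and are not a real certificate. The GnuTLS callback at the end uses only public GnuTLS 3.x API (`gnutls_session_set_verify_function`, `gnutls_certificate_get_peers`, `gnutls_x509_crt_get_dn`) and is compiled only when `HAVE_GNUTLS` is defined (`-DHAVE_GNUTLS -lgnutls`), so the store logic can be built and exercised without the library installed.

```c
/* Added example: pin the peer's full DER certificate, looked up by subject DN,
 * and compare it bit-for-bit, in place of PKI chain validation.
 * Build the core alone with: cc -o pin pin.c
 * Build with the GnuTLS hook:  cc -DHAVE_GNUTLS -o pin pin.c -lgnutls */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PINS 16

struct pin {
    const char *subject_dn;     /* lookup key, e.g. "CN=peer-a" */
    const unsigned char *der;   /* expected certificate, DER encoded */
    size_t der_len;
};

static struct pin pin_store[MAX_PINS];
static size_t pin_count;

/* Register an expected peer certificate. Returns 0 on success, -1 on error. */
int pin_add(const char *subject_dn, const unsigned char *der, size_t der_len)
{
    if (pin_count >= MAX_PINS || !subject_dn || !der || der_len == 0)
        return -1;
    pin_store[pin_count].subject_dn = subject_dn;
    pin_store[pin_count].der = der;
    pin_store[pin_count].der_len = der_len;
    pin_count++;
    return 0;
}

void pin_clear(void) { pin_count = 0; }

/* Constant-time equality over two buffers of equal length. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Look up subject_dn and compare the presented DER with the stored one.
 * Returns 1 only on an exact match; an unknown DN, a length mismatch or
 * any differing byte fails closed with 0. */
int pin_verify(const char *subject_dn, const unsigned char *der, size_t der_len)
{
    for (size_t i = 0; i < pin_count; i++) {
        if (strcmp(pin_store[i].subject_dn, subject_dn) != 0)
            continue;
        if (pin_store[i].der_len != der_len)
            return 0;
        return ct_equal(pin_store[i].der, der, der_len);
    }
    return 0;
}

/* Constructed sample bytes standing in for a DER certificate (not a real cert). */
const unsigned char example_der[] = { 0x30, 0x82, 0x01, 0x00, 0xaa, 0xbb, 0xcc, 0xdd };
const size_t example_der_len = sizeof example_der;

#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

/* Callback for gnutls_session_set_verify_function(): a non-zero return
 * aborts the handshake. Only the leaf (first) certificate is checked. */
static int pinned_verify(gnutls_session_t session)
{
    unsigned int n = 0;
    const gnutls_datum_t *certs;
    gnutls_x509_crt_t crt;
    char dn[512];
    size_t dn_len = sizeof dn;
    int ok = 0;

    if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509)
        return GNUTLS_E_CERTIFICATE_ERROR;
    certs = gnutls_certificate_get_peers(session, &n);
    if (!certs || n == 0)
        return GNUTLS_E_CERTIFICATE_ERROR;
    if (gnutls_x509_crt_init(&crt) < 0)
        return GNUTLS_E_CERTIFICATE_ERROR;
    if (gnutls_x509_crt_import(crt, &certs[0], GNUTLS_X509_FMT_DER) == 0 &&
        gnutls_x509_crt_get_dn(crt, dn, &dn_len) == 0)
        ok = pin_verify(dn, certs[0].data, certs[0].size);
    gnutls_x509_crt_deinit(crt);
    return ok ? 0 : GNUTLS_E_CERTIFICATE_ERROR;
}
/* Install before the handshake:
 *   gnutls_session_set_verify_function(session, pinned_verify); */
#endif

int main(void)
{
    pin_add("CN=peer-a", example_der, example_der_len);
    printf("peer-a matches: %d\n", pin_verify("CN=peer-a", example_der, example_der_len));
    printf("peer-b matches: %d\n", pin_verify("CN=peer-b", example_der, example_der_len));
    return 0;
}
```

Because the whole DER encoding is compared, a re-issued certificate for the same DN (even with the same key) is rejected until the store is updated, which is the behaviour you want from pinning; if you need key rotation without a store update, pin the SubjectPublicKeyInfo instead of the full certificate.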
