Certificate Request State

Simon Josefsson simon at josefsson.org
Wed Jul 29 21:01:39 CEST 2009


Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> Peter Hendrickson wrote:
>> Running GnuTLS 2.8.1 under Ubuntu 9.04, I find that
>> gnutls_certificate_client_get_request_status() falsely reports that no
>> client certificate was requested, even when there was a request.  (The
>> server code is supposed to be asking for a certificate, it
>> successfully verifies the client certificate, and I can see the
>> certificate request packet to the client and the client sending its
>> certificate.)
>> 
>> Watching in the debugger, it appears that when the "Certificate
>> Request" handshake packet arrives at the client from the server, the
>> client sets session->key->certificate_requested to 1 in
>> auth_cert.c:_gnutls_proc_cert_cert_req().
>> 
>> The problem seems to lie in gnutls_certificate_client_get_request_status()
>> itself.
>
> Corrected, thanks. I also don't remember why this is like that. It must
> have been some incomplete attempt to move this variable from the key to
> auth_info structure.

Thanks for the report, Peter.  I added a NEWS entry about this:

** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
Before it always returned false.  Reported by Peter Hendrickson
<pdh at wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.

And also back-ported it to GnuTLS 2.8.x; it seemed like an obvious and
safe fix.

/Simon





More information about the Gnutls-devel mailing list