Certificate Request State
Simon Josefsson
simon at josefsson.org
Wed Jul 29 21:01:39 CEST 2009
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> Peter Hendrickson wrote:
>> Running GnuTLS 2.8.1 under Ubuntu 9.04, I find that
>> gnutls_certificate_client_get_request_status() falsely reports that no
>> client certificate was requested, even when there was a request. (The
>> server code is supposed to be asking for a certificate, it
>> successfully verifies the client certificate, and I can see the
>> certificate request packet to the client and the client sending its
>> certificate.)
>>
>> Watching in the debugger, it appears that when the "Certificate
>> Request" handshake packet arrives at the client from the server, the
>> client sets session->key->certificate_requested to 1 in
>> auth_cert.c:_gnutls_proc_cert_cert_req().
>>
>> The problem seems to lie in gnutls_certificate_client_get_request_status()
>> itself.
>
> Corrected thanks. I also don't remember why this is like that. It must
> have been some incomplete attempt to move this variable from the key to
> auth_info structure.
Thanks for the report, Peter. I added a NEWS entry about this:
** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
Before it always returned false. Reported by Peter Hendrickson
<pdh at wiredyne.com> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
And also back-ported it to GnuTLS 2.8.x; it seemed like an obvious and
safe fix.
/Simon