[sr #107785] gnutls_sign_func called with hash size of 20 bytes

Bjørn Christensen bhc at insight.dk
Fri Sep 23 14:16:09 CEST 2011


I have got it working with TLS 1.2 also, by determining the hash algorithm from the size of the hash.

The PKCS#11 interface for the MS cert store would be nice, but I am not sure I have the skills to make the PKCS#11 function to the MS Crypto API.

/bhc

-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:INVALID.NOREPLY at gnu.org] 
Sent: 23. september 2011 14:18
To: Nikos Mavrogiannopoulos; Bjørn Christensen; gnutls-devel at gnu.org
Subject: [sr #107785] gnutls_sign_func called with hash size of 20 bytes

Follow-up Comment #7, sr #107785 (project gnutls):

gnutls_sign_callback_set() isn't going to be removed anytime soon. Your
solution would work fine if you stick to SSL 3.0 up to TLS 1.1. In TLS 1.2
you'll have issues so make sure you disable it. 

Unrelated to that, making a small generic pkcs#11 interface for the MS cert
store would actually be a great service.

    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/support/?107785>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
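
The approach described in the message above, inferring the hash algorithm from the digest length, as an added example that is not part of the original thread or of GnuTLS. It assumes an RSA key and a callback that receives only the raw digest; `hash_from_len` and `rsa_sign_input` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* DER DigestInfo prefixes for RSA PKCS#1 v1.5 signatures (RFC 8017, 9.2). */
struct hash_info {
    const char *name;
    size_t hash_len, prefix_len;
    unsigned char prefix[19];
};

static const struct hash_info HASHES[] = {
    {"SHA-1",   20, 15, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,
                         0x1a,0x05,0x00,0x04,0x14}},
    {"SHA-224", 28, 19, {0x30,0x2d,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x04,0x05,0x00,0x04,0x1c}},
    {"SHA-256", 32, 19, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20}},
    {"SHA-384", 48, 19, {0x30,0x41,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x02,0x05,0x00,0x04,0x30}},
    {"SHA-512", 64, 19, {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40}},
};

/* Guess the hash from its length. A length does not uniquely identify an
 * algorithm (SHA-256 and SHA3-256 are both 32 bytes), so this is only sound
 * when the peer can negotiate nothing outside the table above. */
const struct hash_info *hash_from_len(size_t len)
{
    for (size_t i = 0; i < sizeof HASHES / sizeof HASHES[0]; i++)
        if (HASHES[i].hash_len == len)
            return &HASHES[i];
    return NULL;
}

/* Build the bytes to hand to a PKCS#1 v1.5 private-key operation.
 * Returns the number of bytes written to out, or 0 on error. */
size_t rsa_sign_input(const unsigned char *hash, size_t hash_len,
                      unsigned char *out, size_t out_cap)
{
    size_t n = 0;
    if (hash_len != 36) {   /* 36 = MD5||SHA-1, signed raw up to TLS 1.1 */
        const struct hash_info *hi = hash_from_len(hash_len);
        if (hi == NULL)
            return 0;       /* unknown length: refuse rather than guess */
        n = hi->prefix_len;
    }
    if (n + hash_len > out_cap)
        return 0;
    if (n) memcpy(out, hash_from_len(hash_len)->prefix, n);
    memcpy(out + n, hash, hash_len);
    return n + hash_len;
}
```
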


