[Help-gnutls] handshaking gnuTLS 0.2.90

Florent Jugla fjugla at easter-eggs.com
Thu Dec 13 10:41:47 CET 2001 

On Wed, 2001-12-12 at 11:47, Nikos Mavroyanopoulos wrote:
> On 11 Dec 2001 11:40:51 +0100 Florent Jugla <fjugla at easter-eggs.com> wrote:
> 
> > Hi,
> > I try to use the GnuTLS library. 
> > In a first time, I was using the 0.2.2 version - I had just one problem
> > when doing client authentication : the certificate of a client was
> > accepted, but the server did not know the CA of the client ??
> The server only knows the CAs you provide him (using gnutls_x509pki_set_server_trust()
> or the equivalent in 0.2.2.
> 
In that case, the server knew a given CA, (let's call it ca1), but the
certificate of the client was signed by another CA (ca2). When the
client sent its certificate, this certificate was accepted by the
server. Have I got to do a special check in the server implementation in
order to verify that my server knows the CA the certificate of the
client was signed with ?

> 
> > So, I decided to upgrade the library version and to use the last 0.2.90
> 0.2.9x versions are there for testing purposes. You'd better wait for 0.3.0
> or get 0.2.11.
> 
ok, I tried to use the CVS version, but when I make the project, a file
is missing (.ltconfig). Do you know what the problem is ?

> > from one version to the other. Anyway, I could achieve my compilation ;
> > but now, nothing is working. When I just do a server authentication
> > (i.e, just the server has a certificate), the handshake do not complete.
> What's the error code returned? Do the examples in the documentation work?
> The logs you attached showed no fatal error in gnutls. Do you handle the
> returned error codes properly?

I did not test the examples in the documentation. I will check the error
code returned (not today)

Thank you
Florent Jugla

> 
> > Any idea ? Thank you
> > Florent
> 
> > -- 
> > Florent Jugla / Easter-Eggs              Spιcialiste GNU/Linux
> > 44-46 rue de l'Ouest  -  75014 Paris  -  France -  Mιtro Gaitι
> > Phone: +33 (0) 1 43 35 00 37    -   Fax: +33 (0) 1 43 35 00 76
> > mailto:fjugla at easter-eggs.com   -   http://www.easter-eggs.com
> 
> -- 
> Nikos Mavroyanopoulos
> mailto:nmav at hellug.gr
-- 
Florent Jugla / Easter-Eggs              Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris  -  France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -   Fax: +33 (0) 1 43 35 00 76
mailto:fjugla at easter-eggs.com   -   http://www.easter-eggs.com

More information about the Gnutls-help mailing list