[Help-gnutls] Need a little help with gnutls_certificate_server_set_retrieve_function

Gergely Nagy algernon at bonehunter.rulez.org
Sat Jul 31 00:06:45 CEST 2004

> > Which is a wee-bit different. I checked the gnutls_retr_st
> > structure, and to be honest, I cannot figure out how my program is
> > supposed to select the appropriate certificate - or how to get the
> > information to begin with..
> The gnutls-cli program in the cvs uses this callback.
> See 

Thanks, I'll take a look!

Hrm, that is the client part, I'd need the server part - but I can use
this too, thanks!

> In brief to fill the retr_st structure you need to specify
> the certificate you're returning in type, the number
> of certificates in ncerts, the actual certificate list
> in cert.x509 (or cert.pgp), and the corresponding private key
> in key.x509 (or key.pgp). 
> Note that the certificates are of type gnutls_x509_crt
> which means you'll need to import your certificates in this
> format using gnutls_x509_crt_import() and gnutls_x509_privkey_import()
> for x509.
> This might be more of a burden, although it does not demand
> to load any certificates and keys in the credentials structure.
> But the main reason I changed the callback is that this one does not
> force you to parse all the loaded DER encoded certificates
> to select one. That is, you could have already mapped certain
> certificates with hostnames, so once in the callback you send
> the appropriate one with no DER parsing taking place.

Mmmmhm... I see. So in the certificate select function, I somehow need
to know the list of available certificates.. *thinking, thinking*

Right, I guess I know how to proceed from here on, and indeed, the
interface now makes sense, very much so! I originally thought that the
second argument is for input, not for the retrieve function to store
stuff in (silly me! it's called retrieve because it can load stuff too,
not just select!)

Thanks for explaining!

Gergely Nagy
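
An added example, not part of the original message and not GnuTLS code: a sketch of the approach in the quoted reply, where certificates are mapped to hostnames ahead of time and the retrieve callback only fills in type, ncerts, cert.x509 and key.x509. The types are simplified stand-ins so it compiles without the library; `retr_model`, `host_entry`, `select_cert`, the fallback to the first entry and the sample hosts are all assumptions.

```c
#include <ctype.h>
#include <stddef.h>

/* Simplified stand-ins (assumptions) for the GnuTLS handle types and for the
   retr_st fields named in the message; not the library's own definitions. */
struct crt_model { int id; };
struct key_model { int id; };
typedef struct crt_model *crt_t;      /* stands in for an imported certificate */
typedef struct key_model *privkey_t;  /* stands in for an imported private key */
enum { CRT_X509 = 1 };
typedef struct {
    int type;
    union { crt_t *x509; } cert;
    unsigned int ncerts;
    union { privkey_t x509; } key;
} retr_model;

/* One entry per hostname, imported once at startup (hypothetical layout). */
struct host_entry { const char *name; crt_t *chain; unsigned int n; privkey_t key; };

/* Constructed sample data: dummy handles in place of real certificates. */
static struct crt_model c0, c1, c2;
static struct key_model k0, k1;
static crt_t chain_a[] = { &c0, &c1 };
static crt_t chain_b[] = { &c2 };
static const struct host_entry hosts[] = {
    { "www.example.org",  chain_a, 2, &k0 },
    { "mail.example.org", chain_b, 1, &k1 },
};

/* Hostnames compare case-insensitively. */
static int host_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Fill st for the requested name; a NULL or unknown name gets table[0].
   Only pointers are copied: no DER parsing happens per handshake. */
int select_cert(const struct host_entry *table, size_t n,
                const char *requested, retr_model *st) {
    const struct host_entry *pick = table;
    if (n == 0 || st == NULL) return -1;
    for (size_t i = 0; requested && i < n; i++)
        if (host_eq(table[i].name, requested)) { pick = &table[i]; break; }
    st->type = CRT_X509;
    st->cert.x509 = pick->chain;
    st->ncerts = pick->n;
    st->key.x509 = pick->key;
    return 0;
}
int main(void) { retr_model st; return select_cert(hosts, 2, "MAIL.example.org", &st); }
```

Each chain and its private key live in the same table entry, so a lookup cannot return one host's certificate with another host's key.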
