[Help-gnutls] Sending a client certificate

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Feb 5 21:27:06 CET 2005


On Saturday 05 February 2005 19:47, Martin Lambers wrote:
> On Sat, 05. Feb 2005, 19:02:34 +0100, Nikos Mavrogiannopoulos wrote:
> > Does the server request a certificate? If it doesn't then no matter if
> > you specify one, it will not be used. Otherwise please attach the
> > output of ssldump, or the debug output of level 3.
>
> This is the level 3 debug output:

> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE was received [1454 bytes]
> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE REQUEST was received [137 bytes]
> GNUTLS DEBUG 2: ASSERT: auth_cert.c:198
> GNUTLS DEBUG 3: HSK[8076ad0]: SERVER HELLO DONE was received [4 bytes]
> GNUTLS DEBUG 3: HSK[8076ad0]: CERTIFICATE was send [7 bytes]

So it seems you got a certificate request and the certificate gnutls selected is
empty. This might be because your certificate does not
match the CAs advertised by the server. You can check the CAs advertised
by the server by using gnutls-cli. If you want to override the server's
request, and send a certificate anyway, you have to use the retrieve[0]
function as used in gnutls-cli (cli.c).


[0]. gnutls_certificate_client_set_retrieve_function()

-- 
Nikos Mavrogiannopoulos
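
The CA-matching check described in the reply above, as an added illustration that is not part of the original message and is not GnuTLS code: it walks the body of a CertificateRequest and reports whether a certificate's issuer name is among the advertised CAs. Assumptions: the TLS 1.0/1.1 message layout, the hypothetical function name issuer_is_advertised, and constructed sample bytes whose "names" are placeholders rather than real DER.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: CertificateRequest body with two certificate types and
 * two CA names. The 4-byte "names" are placeholders, not real DER DNs. */
static const uint8_t SAMPLE_REQ[] = {
    0x02, 0x01, 0x02,                   /* certificate_types: rsa_sign, dss_sign */
    0x00, 0x0C,                         /* certificate_authorities: 12 bytes */
    0x00, 0x04, 0x30, 0x02, 0xAA, 0xAA, /* DistinguishedName #1 */
    0x00, 0x04, 0x30, 0x02, 0xBB, 0xBB  /* DistinguishedName #2 */
};
static const uint8_t ISSUER_OK[]    = { 0x30, 0x02, 0xBB, 0xBB };
static const uint8_t ISSUER_OTHER[] = { 0x30, 0x02, 0xCC, 0xCC };

/* Returns 1 if the issuer name is advertised, 0 if it is not, -1 if the body
 * is malformed. An empty CA list (allowed since TLS 1.1) accepts any issuer. */
int issuer_is_advertised(const uint8_t *body, size_t len,
                         const uint8_t *issuer, size_t issuer_len)
{
    size_t pos = 0;
    if (len < 1) return -1;
    size_t ntypes = body[pos++];            /* 1-byte length of the type list */
    if (ntypes == 0 || ntypes > len - pos) return -1;
    pos += ntypes;
    if (len - pos < 2) return -1;
    size_t ca_len = ((size_t)body[pos] << 8) | body[pos + 1];
    pos += 2;
    if (ca_len != len - pos) return -1;     /* list must fill the rest exactly */
    if (ca_len == 0) return 1;
    while (pos < len) {                     /* each name: 2-byte length + bytes */
        if (len - pos < 2) return -1;
        size_t dn_len = ((size_t)body[pos] << 8) | body[pos + 1];
        pos += 2;
        if (dn_len == 0 || dn_len > len - pos) return -1;
        if (dn_len == issuer_len && memcmp(body + pos, issuer, dn_len) == 0)
            return 1;
        pos += dn_len;
    }
    return 0;
}

int main(void)
{
    printf("advertised issuer: %d\n", issuer_is_advertised(
        SAMPLE_REQ, sizeof SAMPLE_REQ, ISSUER_OK, sizeof ISSUER_OK));
    printf("other issuer:      %d\n", issuer_is_advertised(
        SAMPLE_REQ, sizeof SAMPLE_REQ, ISSUER_OTHER, sizeof ISSUER_OTHER));
    return 0;
}
```

A result of 0 for every certificate the client holds corresponds to the situation in the log above, where the request was received but the selected certificate was empty.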




