[Help-gnutls] Peer certificates not signed by any CA

Florian Weimer fweimer at bfk.de
Tue Jun 13 16:28:35 CEST 2006


On Tue, Jun 13, 2006 at 02:51:34PM +0200, fweimer wrote:

> > In that case if you would like to send the client certificate anyway,
> > you should use the callback function (don't remember the name right
> > now).
> 
> Will try and report.

gnutls_certificate_client_get_request_status still returns 0 on the
client side, but it seems that this time, a certificate is actually
transmitted in a way the server can handle it.

May I assume that the first certificate returned by
gnutls_certificate_get_peers contains public key material which actually
corresponds to the private key material which was used to establish the
session?

By the way, gnutls_certificate_client_set_retrieve_function is not a
well-designed interface.  The callback function lacks a closure
parameter.  Even worse, it is hard to fake it because
gnutls_certificate_client_set_retrieve_function is called with a
credentials structure, and the callback is called with a session
structure.  Extremely annoying.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Durlacher Allee 47            tel: +49-721-96201-1
D-76131 Karlsruhe             fax: +49-721-96201-99




