[Help-gnutls] Re: TLS/OpenPGP draft expiring soon

Ludovic Courtès ludovic.courtes at laas.fr
Thu Feb 1 17:34:32 CET 2007


Simon Josefsson <simon at josefsson.org> writes:

> Also, creating examples and a self test for the OpenPGP stuff would be
> useful.  Have you managed to get it to work at all?

It took me a while, but I finally found why `gnutls-serv' wouldn't do
the job as expected (I knew it should work because I have small
client/server of my own that do work).

First, the patch below must be applied to `serv.c'.  Then, actual DH
and/or RSA parameters must be provided or generated for the server.  So
we end up with a command-line like this for the server:

  $ ./gnutls-serv --dhparams tls-dh-params \
                  --ctypes openpgp --pgpcertfile pub.asc \
                  --pgpkeyfile sec.asc

And for the client:

  $ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
               --pgpkeyfile sec.asc -p 5556 localhost

And it works like a charm, even with `--require-cert' passed to the

Can you confirm?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: ,,serv.diff
Type: text/x-patch
Size: 531 bytes
Desc: The patch
URL: </pipermail/attachments/20070201/148266ca/attachment.bin>

More information about the Gnutls-help mailing list