[Help-gnutls] X.509 authentication and `GNUTLS_CERT_REQUIRE'
Ludovic Courtès
ludo at chbouib.org
Fri May 11 15:33:50 CEST 2007
Hi,

When X.509 authentication is used along with `GNUTLS_CERT_REQUIRE' on
the server-side, the client apparently does not send its certificate as
it should. Enabling debugging shows the following:

[7999|3] HSK[80aaee0]: CERTIFICATE was send [678 bytes]
[8037|3] HSK[80aaee0]: CERTIFICATE was received [678 bytes]
[7999|3] HSK[80aaee0]: CERTIFICATE REQUEST was send [9 bytes]
[8037|3] HSK[80aaee0]: CERTIFICATE REQUEST was received [9 bytes]
[8037|2] ASSERT: auth_cert.c:207
[7999|3] HSK[80aaee0]: SERVER HELLO DONE was send [4 bytes]
[8037|3] HSK[80aaee0]: SERVER HELLO DONE was received [4 bytes]
[8037|3] HSK[80aaee0]: CERTIFICATE was send [7 bytes]
[8037|3] HSK[80aaee0]: CLIENT KEY EXCHANGE was send [134 bytes]
[8037|3] REC[80aaee0]: Sent ChangeCipherSpec
[8037|3] HSK[80aaee0]: Cipher Suite: RSA_NULL_MD5
[8037|3] HSK[80aaee0]: Initializing internal [write] cipher sessions
[8037|3] HSK[80aaee0]: FINISHED was send [16 bytes]
[7999|3] HSK[80aaee0]: CERTIFICATE was received [7 bytes]
[7999|2] ASSERT: auth_cert.c:874
[7999|2] ASSERT: gnutls_handshake.c:2475

Here, 7999 is the server and 8037 is the client.

Apparently, in `_gnutls_send_client_certificate ()', the client ends up
calling `_gnutls_send_handshake ()' with DATA == NULL and DATA_SIZE == 0,
hence the 7-byte "certificate" message.

Any idea what's going wrong?

Thanks,
Ludovic.