[Help-gnutls] Re: Authentication during Handshake

Simon Josefsson simon at josefsson.org
Mon May 19 22:21:33 CEST 2008


"Rainer Gerhards" <rgerhards at gmail.com> writes:

> Hi,
>
> I am implementing an upcoming IETF standard (syslog over TLS,
> http://www.ietf.org/internet-drafts/draft-ietf-syslog-transport-tls-12.txt).
> As part of that standard, clients and server need to do mutual
> authentication, which can either happen via subject names OR via
> fingerprints of the certificates.
>
> I would like to do the mutual authentication as part of the handshake,
> so that the handshake does not complete successfully if the server
> cannot successfully authenticate the client or the client cannot
> successfully authenticate the server. Is this possible with GnuTLS? If
> so, could you give me a clue on what I need to provide to get it
> working.
>
> Any feedback is deeply appreciated.

If I understand correctly, you want to implement TLS client
authentication, i.e. when the client also uses a key+certificate.  Are
you working on the client or server side, or both?  In any case, check
the GnuTLS examples; there should be examples for this.

/Simon
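
The fingerprint half of the requirement described in the question, as an added example that is not part of the original thread and is not GnuTLS code: the raw digest of the peer certificate is rendered as text and checked against a configured list of permitted peers. The function names, the `SHA1:AA:BB:...` text form and the sample values are assumptions of this example; the digest bytes are taken to be what the application obtained from the peer certificate (in GnuTLS, for instance, via `gnutls_x509_crt_get_fingerprint`).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: a 20-byte digest and a permitted-peer list. */
static const unsigned char SAMPLE_DIGEST[20] = {
    0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9,
    0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0xB0, 0xB1, 0xB2, 0xB3 };
static const char *const PERMITTED[] = {
    "SHA1:00:11:22",  /* malformed or foreign entry: never matches */
    "sha1:a0:a1:a2:a3:a4:a5:a6:a7:a8:a9:aa:ab:ac:ad:ae:af:b0:b1:b2:b3" };

/* Render a digest as "SHA1:AA:BB:..."; returns -1 if it does not fit. */
static int fp_format(const unsigned char *dig, size_t len, char *out, size_t outsz)
{
    if (len == 0 || outsz < 5 + len * 3)   /* prefix + "XX:" per byte */
        return -1;
    memcpy(out, "SHA1:", 5);
    for (size_t i = 0; i < len; i++)
        snprintf(out + 5 + i * 3, 4, "%02X%s", dig[i], i + 1 < len ? ":" : "");
    return 0;
}

/* Case-insensitive comparison; strings of different length never match. */
static int fp_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(toupper((unsigned char)a[i]) ^
                                toupper((unsigned char)b[i]));
    return diff == 0;
}

/* 1 if the digest matches a permitted entry; an empty list denies all. */
int peer_permitted(const unsigned char *dig, size_t len,
                   const char *const *permitted, size_t n)
{
    char fp[5 + 64 * 3];                   /* room for digests up to 64 bytes */
    int ok = 0;
    if (fp_format(dig, len, fp, sizeof fp) != 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        ok |= fp_equal(fp, permitted[i]);
    return ok;
}

int main(void)
{
    printf("permitted: %d\n", peer_permitted(SAMPLE_DIGEST, 20, PERMITTED, 2));
    return 0;
}
```

A caller that gets 0 back closes the session instead of passing any application data to the peer.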