[Help-gnutls] Using the gnutls_sign_callback_set method

Tobias.Soder at swisscom.com Tobias.Soder at swisscom.com
Fri May 15 14:39:13 CEST 2009


Hi everybody

We're trying to get gnutls to work with a cryptographic token. Therefore I've had a look at the gnutls_sign_callback_set method. What I don't understand is: At which point is the method called that I'm passing to gnutls_sign_callback_set?

I've tried it out by doing this:

char* testString;

/* callback registered with gnutls_sign_callback_set(); only flips testString so we can see whether it ran */
int custom_gnutls_sign(gnutls_session_t session, void *userdata, gnutls_certificate_type_t cert_type, const gnutls_datum_t * cert, const gnutls_datum_t * hash, gnutls_datum_t * signature) {
                testString = "Changed!!\n";
                return 0; /* must return a value; a real callback fills *signature before returning 0 */
}

int main (void) {

  // ... declarations

  testString = "Not changed!\n";

  gnutls_global_init();
  gnutls_certificate_allocate_credentials(&xcred);
  gnutls_certificate_set_x509_trust_file(xcred,CAFILE,GNUTLS_X509_FMT_PEM);
  gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

  /* initialize TLS session */
  gnutls_init(&session, GNUTLS_CLIENT);
  /* for doc about gnutls_priority_init read the man page */
  ret=gnutls_priority_set_direct(session,"PERFORMANCE",&err);
  if (ret<0)
    {
      if (ret==GNUTLS_E_INVALID_REQUEST)
                fprintf(stdout,"ERROR: Syntax error at %s\n",err);
      exit(1);
    }
  gnutls_credentials_set(session,GNUTLS_CRD_CERTIFICATE,xcred);

  /* Setting Callback */
  gnutls_sign_callback_set(session, custom_gnutls_sign, NULL);

  /* connect to peer */
  sd=tcp_connect();
  gnutls_transport_set_ptr(session,(gnutls_transport_ptr_t)sd);

  /* perform handshake */
  ret=gnutls_handshake(session);
  if(ret<0)
    {
      fprintf(stdout,"ERROR: Handshake failed\n");
      gnutls_perror(ret);
      goto end;
    }
  else
    printf("INFO: Handshake was completed\n");

  /* verify the server's certificate */
  if(ret==0)
    {
      int rc;
      unsigned int status;

      /* abort if verification fails */
      rc = gnutls_certificate_verify_peers2(session,&status);
      if(rc!=0 || status!=0)
                {
                  printf("ERROR: Verifying server certificate failed!\n");
                  exit(1);
                }
      printf("INFO: server verified\n");
    }

  printf("INFO: handshake and server verification completed\n");

  /* print TLS version */
  tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
  printf ("INFO: TLS Protocol: %s\n", tmp);


  /* test the connection with a sample message */
  gnutls_record_send(session,MSG,strlen(MSG));
  ret=gnutls_record_recv(session,buffer,MAX_BUF);
  if(ret==0)
    {
      printf("INFO: Peer has closed the connection\n");
      goto end;
    }
  else if(ret<0)
    {
      fprintf(stdout,"ERROR: %s\n",gnutls_strerror(ret));
      goto end;
    }

  printf("INFO: Received %d bytes: ", ret);
  for(ii=0;ii<ret;ii++)
    fputc(buffer[ii],stdout);
  fputs("\n",stdout);


  gnutls_bye(session,GNUTLS_SHUT_RDWR);

 end:
  tcp_close(sd);
  gnutls_deinit(session);
  gnutls_certificate_free_credentials(xcred);
  gnutls_global_deinit();

  printf("%s", testString); /* testString is data, never pass it as the format string */

  return 0;
}

The client runs through without any problems. But the testString is still "Not Changed!" in the last output. So it seems that my callback method is never called... What am I doing wrong? Any hints appreciated!

Greetings
Tobias
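Added example, not code from the post above or from GnuTLS itself: a signing callback of the shape gnutls_sign_callback_set() expects, plus a small model of when the GnuTLS 2.x client reaches it. As far as the 2.x sources go, the external callback is consulted only when the client has to produce a CertificateVerify message (the server asked for a client certificate) and only when no private key was loaded into the credentials, because the callback stands in for the missing key; the dispatch function below encodes that reading and is my assumption, not library code. The gnutls_* typedefs are local stand-ins so the file compiles without the GnuTLS headers; token_sign, client_sign_step, run_scenario and the 36-byte digest are constructed for the example. Invocation state travels through the userdata pointer instead of a global, which is how a practitioner would normally instrument such a callback. Note that gnutls_sign_callback_set() was removed in GnuTLS 3.x, where external keys are represented by gnutls_privkey_t instead.

```c
/* Added example: sign callback with instrumented state, and a model of
 * when a GnuTLS 2.x client would call it. The types below are stand-ins
 * for the real ones in <gnutls/gnutls.h> (assumption: same shape). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned char *data; unsigned int size; } gnutls_datum_t;
typedef enum { GNUTLS_CRT_X509 = 1 } gnutls_certificate_type_t;
typedef void *gnutls_session_t;
typedef int (*gnutls_sign_func)(gnutls_session_t, void *, gnutls_certificate_type_t,
                                const gnutls_datum_t *, const gnutls_datum_t *,
                                gnutls_datum_t *);

/* Caller-owned state passed to the callback through userdata. */
struct sign_state { unsigned calls; unsigned last_hash_len; };

/* Hypothetical token-backed signer: records the call, returns a placeholder
 * signature. A real implementation hands hash->data to the token and stores
 * the token's output in *signature (allocated with gnutls_malloc()). */
int token_sign(gnutls_session_t session, void *userdata,
               gnutls_certificate_type_t cert_type, const gnutls_datum_t *cert,
               const gnutls_datum_t *hash, gnutls_datum_t *signature)
{
    struct sign_state *st = userdata;
    (void)session; (void)cert;
    if (cert_type != GNUTLS_CRT_X509 || hash == NULL || hash->size == 0)
        return -1;                      /* real code: a GNUTLS_E_* code */
    st->calls++;
    st->last_hash_len = hash->size;
    signature->data = malloc(hash->size);
    if (signature->data == NULL)
        return -1;
    memcpy(signature->data, hash->data, hash->size);   /* placeholder only */
    signature->size = hash->size;
    return 0;
}

enum sign_outcome { SIGN_SKIPPED = 0, SIGN_INTERNAL_KEY, SIGN_CALLBACK,
                    SIGN_NO_CREDENTIALS, SIGN_FAILED };

/* Model (assumption) of the 2.x client-side signing step: no CertificateVerify
 * means nothing to sign; a loaded private key is used by the library itself;
 * only otherwise is the external callback reached. */
enum sign_outcome client_sign_step(int server_requests_client_cert,
                                   int private_key_loaded, gnutls_sign_func cb,
                                   void *userdata, const gnutls_datum_t *hash,
                                   gnutls_datum_t *sig)
{
    if (!server_requests_client_cert) return SIGN_SKIPPED;
    if (private_key_loaded) return SIGN_INTERNAL_KEY;
    if (cb == NULL) return SIGN_NO_CREDENTIALS;
    return cb(NULL, userdata, GNUTLS_CRT_X509, NULL, hash, sig) == 0
               ? SIGN_CALLBACK : SIGN_FAILED;
}

/* Runs one scenario from fresh state; reports how often the callback fired. */
static enum sign_outcome run_scenario(int server_requests_client_cert,
                                      int private_key_loaded, unsigned *calls)
{
    unsigned char digest[36] = {0};     /* constructed stand-in for the MD5+SHA1 handshake hash */
    gnutls_datum_t hash = { digest, sizeof digest };
    gnutls_datum_t sig = { NULL, 0 };
    struct sign_state st = { 0, 0 };
    enum sign_outcome out = client_sign_step(server_requests_client_cert,
                                             private_key_loaded, token_sign,
                                             &st, &hash, &sig);
    free(sig.data);
    *calls = st.calls;
    return out;
}

int scenario_outcome(int req, int key) { unsigned c; return run_scenario(req, key, &c); }
unsigned scenario_calls(int req, int key) { unsigned c; run_scenario(req, key, &c); return c; }

int main(void)
{
    static const char *names[] = { "skipped", "internal key", "callback",
                                   "no credentials", "failed" };
    int req, key;
    for (req = 0; req <= 1; req++)
        for (key = 1; key >= 0; key--)
            printf("client cert requested=%d key loaded=%d -> %s, callback calls=%u\n",
                   req, key, names[scenario_outcome(req, key)], scenario_calls(req, key));
    return 0;
}
```

The first scenario printed (no client-certificate request, key file loaded) is the situation of the client above: the handshake completes, but there is no CertificateVerify to sign and a private key is present, so the callback never runs and the flag stays unchanged.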