[Help-gnutls] Re: Using the gnutls_sign_callback_set method

Simon Josefsson simon at josefsson.org
Mon May 18 11:52:53 CEST 2009


<Tobias.Soder at swisscom.com> writes:

> Hi everybody
>
> We're trying to get gnutls to work with a cryptographic
> token. Therefore I've had a look at the gnutls_sign_callback_set
> method. What I don't understand is: At which point is the method
> called that I'm passing to gnutls_sign_callback_set?

During the call to gnutls_handshake.

See the self-test tests/x509signself.c, it forks a server and client
that talk to each other using the sign callback, without any private
key being available elsewhere in the code.

> I've tried it out by doing this:
...
>   gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

I think this is your problem, you need to set a NULL keyfile.  Otherwise
you supply the library with a private key, so it will use that instead
of invoking the callback.  From the x509signself.c code:

  gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
                                       GNUTLS_X509_FMT_PEM);

I think the example looks fine otherwise, although I didn't try to run
it.

/Simon