Problems handling X.509 certificates

lfinsto at lfinsto at
Wed Nov 25 09:38:44 CET 2009


I need to use X.509 certificates for authentication/authorization in an
application and I've been working through the examples in the GNUTLS

I'm new to GNUTLS (and network programming), so please excuse me if my
questions are naive.

I've been using and modifying the programs
"7.3.2 Simple Client Example with X.509 Certificate Support"
"7.4.2 Echo Server with X.509 Authentication II".

I've been trying to use the function `verify_certificate_chain' (defined
in `ex-verify.c') instead of `verify_certificate' (defined in
`ex-rfc2818.c'), but I can't seem to get it to work.

I have two certificates that I want the client to send to the server.  In
the client, I call `gnutls_certificate_set_x509_key_file' twice, once for
each certificate/key pair.  However, in the server,
`gnutls_certificate_get_peers' sets the `*LIST_SIZE' to 1, i.e., it only
finds one certificate.

I've tried various things to get it to work, but with no success.  I must
be overlooking something, but I don't know what it could be.

Any help would be much appreciated.

Laurence Finston

More information about the Gnutls-help mailing list