Problems handling X.509 certificates
simon at josefsson.org
Thu Nov 26 15:18:40 CET 2009
lfinsto at gwdg.de writes:
> I need to use X.509 certificates for authentication/authorization in an
> application and I've been working through the examples in the GNUTLS
> I'm new to GNUTLS (and network programming), so please excuse me if my
> questions are naive.
> I've been using and modifying the programs
> "7.3.2 Simple Client Example with X.509 Certificate Support"
> "7.4.2 Echo Server with X.509 Authentication II".
> I've been trying to use the function `verify_certificate_chain' (defined
> in `ex-verify.c') instead of `verify_certificate' (defined in
> `ex-rfc2818.c'), but I can't seem to get it to work.
> I have two certificates that I want the client to send to the server. In
> the client, I call `gnutls_certificate_set_x509_key_file' twice, once for
> each certificate/key pair. However, in the server,
> `gnutls_certificate_get_peers' sets the `*LIST_SIZE' to 1, i.e., it only
> finds one certificate.
> I've tried various things to get it to work, but with no success. I must
> be overlooking something, but I don't know what it could be.
The TLS protocol only allows clients to send one X.509 certificate to the
server. I suspect that if you need to send two client certificates,
something is wrong with your architecture.
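
Added example, not part of the original message or the GnuTLS manual: a self-contained C parser for the body of a TLS 1.2 Certificate handshake message (RFC 5246, section 7.4.2). It shows that the message carries a single ordered list, the sender's certificate first and then its issuers, which is the list `gnutls_certificate_get_peers` reports. The function name and sample bytes are constructed for illustration, and the certificate contents are placeholders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed samples: certificate bodies are placeholder bytes, not real DER. */
static const uint8_t ONE_CERT[] = {0,0,7, 0,0,4, 0x30,0x82,0,0};
static const uint8_t LEAF_PLUS_CA[] = {0,0,12, 0,0,4, 0x30,0x82,0,0, 0,0,2, 0x30,0};
static const uint8_t TRUNCATED[] = {0,0,7, 0,0,9, 0x30,0x82,0,0};

/* Read a TLS uint24 (24-bit big-endian length). */
static size_t rd24(const uint8_t *p) {
    return ((size_t)p[0] << 16) | ((size_t)p[1] << 8) | (size_t)p[2];
}

/* Walk a TLS 1.2 Certificate message body:
 *   uint24 list_len; then repeated { uint24 cert_len; opaque cert[cert_len]; }
 * Records offset and length of each entry (entry 0 is the sender's own
 * certificate). Returns the entry count, or -1 on inconsistent lengths or
 * more than max entries. */
int parse_certificate_list(const uint8_t *body, size_t len,
                           size_t *off, size_t *clen, int max) {
    if (len < 3 || rd24(body) != len - 3) return -1;
    size_t pos = 3;
    int n = 0;
    while (pos < len) {
        if (len - pos < 3 || n == max) return -1;
        size_t l = rd24(body + pos);
        pos += 3;
        if (l == 0 || l > len - pos) return -1;
        off[n] = pos;
        clen[n] = l;
        n++;
        pos += l;
    }
    return n;
}

int main(void) {
    size_t off[4], clen[4];
    printf("one cert: %d\n", parse_certificate_list(ONE_CERT, sizeof ONE_CERT, off, clen, 4));
    printf("leaf + CA: %d\n", parse_certificate_list(LEAF_PLUS_CA, sizeof LEAF_PLUS_CA, off, clen, 4));
    printf("truncated: %d\n", parse_certificate_list(TRUNCATED, sizeof TRUNCATED, off, clen, 4));
    return 0;
}
```

A count greater than 1 here means a longer chain behind one end-entity certificate, not a second client identity.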