nOOb Error : No certificates found!

gonzagueddr gonzagueddr at yahoo.fr
Wed Apr 14 14:05:38 CEST 2010


> In the creation of the server keys you specifically asked for a tls
> www server, thus it is normal for gnutls to detect a violation. 
Yes, but i also tried "gnutls-serv --http", so it supose to act as an 
http server isn't it ?, and using a netbrowser to get 
https://domain.org:22222/ returns the same error from the server ("No 
certificates found!")

> What do you actually want to do? (not what you did, but what you
> want to do).
> If you simply want to stream an mp3 over https you don't really need a
> client certificate.
> Given that, what is the actual error you see?
>   
That's it : stream an mp3 over https using vlc , so the vlc server's 
command is "vlc --sout-http-cert="/path/servercert.pem" 
--sout-http-key="/path/serverkey.pem" --sout-http-ca="/path/cacert.pem 
--sout '#standard{access=https,mux=ts,dst=192.168.1.15:22222/test.mp3}' 
my.mp3" ( vlc server must be run with the ca, cert and key files, or it 
returns fatal error (cannot set certificate chain or private key))
And when i open the stream, vlc server returns  "TLS handshake error: 
The peer did not send any certificate", while the client returns "TLS 
handshake error: Error in the push function".
I've been said on the vlc's forum that the CA file must be present on 
the client's machine, so i've copy/paste the cacert.pem to 
ca-certificates.crt (if this file is not present, client returns a 
warning (can not add credidential x509 ), and then the same TLS 
handshake error

If i run the vlc server without the "--sout-http-ca", client returns :

gnutls error: TLS session: access denied
gnutls error: Certificate could not be verified
gnutls error: Certificate's signer was not found
main error: TLS client session handshake error

So specifying those 3 files (ca, cert and key) on the server and the ca 
on the client gave me the less errors ...

Sorry for this, and thanks again for your time.

Gonzague












More information about the Gnutls-help mailing list