gnutls_x509_crt_import fails with INVALID REQUEST

Mon Jan 11 16:48:38 CET 2010

BTW... I am using GnuTLS 2.8.5
________________________________________
From: LATZE Carolin
Sent: Monday, January 11, 2010 4:48 PM
To: help-gnutls at gnu.org
Subject: gnutls_x509_crt_import  fails with INVALID REQUEST

Hi everybody,

I wrote a very small client and server example using

gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

to read the client's certificate and key out of files. That lead to a successful handshake. Now I want to use the callback to choose the right client certificate during the handshake. In order to so, I replace the function above with

gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);

Furthermore, I defined a callback, that is really executed. Inside the callback, I wanted the read the same client certificate I used in the first example using the following functions out of the samples:

static gnutls_datum_t
load_file (const char *file)
{
  FILE *f;
  gnutls_datum_t loaded_file = { NULL, 0 };
  long filelen;
  void *ptr;

  if (!(f = fopen (file, "r"))
      || fseek (f, 0, SEEK_END) != 0
      || (filelen = ftell (f)) < 0
      || fseek (f, 0, SEEK_SET) != 0
      || !(ptr = malloc ((size_t) filelen))
      || fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
    {
      return loaded_file;
    }

  loaded_file.data = ptr;
  loaded_file.size = (unsigned int) filelen;
  return loaded_file;
}

And afterwards:

static void
load_keys (void)
{
  int ret;
  gnutls_datum_t data;

  data = load_file (CERTFILE);
  if (data.data == NULL)
    {
      fprintf (stderr, "*** Error loading cert file.\n");
      exit (1);
    }
  gnutls_x509_crt_init (&crt);

  ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
  if (ret < 0)
    {
      fprintf (stderr, "*** Error loading cert file: %s\n",
               gnutls_strerror (ret));
      exit (1);
    }

and so on.... but gnutls_x509_crt_import fails with INVALID REQUEST.... Any ideas why? This is exactly the same certificate. certtool as well as the first example did not have any problem with that certificate so why does the import method?

Regards
Carolin