gnutls_x509_crt_import fails with INVALID REQUEST
LATZE Carolin
carolin.latze at unifr.ch
Mon Jan 11 16:48:38 CET 2010
BTW... I am using GnuTLS 2.8.5
________________________________________
From: LATZE Carolin
Sent: Monday, January 11, 2010 4:48 PM
To: help-gnutls at gnu.org
Subject: gnutls_x509_crt_import fails with INVALID REQUEST
Hi everybody,
I wrote a very small client and server example using
gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);
to read the client's certificate and key out of files. That lead to a successful handshake. Now I want to use the callback to choose the right client certificate during the handshake. In order to so, I replace the function above with
gnutls_certificate_client_set_retrieve_function (xcred, cert_callback);
Furthermore, I defined a callback, that is really executed. Inside the callback, I wanted the read the same client certificate I used in the first example using the following functions out of the samples:
static gnutls_datum_t
load_file (const char *file)
{
FILE *f;
gnutls_datum_t loaded_file = { NULL, 0 };
long filelen;
void *ptr;
if (!(f = fopen (file, "r"))
|| fseek (f, 0, SEEK_END) != 0
|| (filelen = ftell (f)) < 0
|| fseek (f, 0, SEEK_SET) != 0
|| !(ptr = malloc ((size_t) filelen))
|| fread (ptr, 1, (size_t) filelen, f) < (size_t) filelen)
{
return loaded_file;
}
loaded_file.data = ptr;
loaded_file.size = (unsigned int) filelen;
return loaded_file;
}
And afterwards:
static void
load_keys (void)
{
int ret;
gnutls_datum_t data;
data = load_file (CERTFILE);
if (data.data == NULL)
{
fprintf (stderr, "*** Error loading cert file.\n");
exit (1);
}
gnutls_x509_crt_init (&crt);
ret = gnutls_x509_crt_import (crt, &data, GNUTLS_X509_FMT_PEM);
if (ret < 0)
{
fprintf (stderr, "*** Error loading cert file: %s\n",
gnutls_strerror (ret));
exit (1);
}
and so on.... but gnutls_x509_crt_import fails with INVALID REQUEST.... Any ideas why? This is exactly the same certificate. certtool as well as the first example did not have any problem with that certificate so why does the import method?
Regards
Carolin
More information about the Gnutls-help
mailing list