Purpose of gnutls_credentials_set
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jun 4 13:42:56 CEST 2010
After or during the handshake (with a callback that I don't remember
its name) you should verify the certificate chain received by peer.
For that you can use gnutls_certificate_verify_peers2(). Could you
suggest the points in documentation that were not clear for you, so we
can correct them? The problem when I read the documentation is that I
know everything :) that needs to be done thus such things are easy to
miss.
regards,
Nikos
On Fri, Jun 4, 2010 at 10:32 AM, Florian Weimer <fweimer at bfk.de> wrote:
> I'm somewhat mystified what this function (and the surrounding
> constructs) is supposed to do. I'm calling
> gnutls_certificate_set_x509_trust_mem and
> gnutls_certificate_set_x509_key in the client, but in itself, that
> does not cause failures when connecting to a server which presents the
> wrong certificate, nor does it cause the client to send along a
> certificate (for that, I've found that I have to install a callback
> using gnutls_certificate_client_set_retrieve_function). For
> certificate verification to happen, it seems that I need to call
> gnutls_certificate_verify_peers2 (or implement some sort of
> verification manually).
>
> Perhaps this could be clarified in the documentation?
>
> --
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
> _______________________________________________
> Help-gnutls mailing list
> Help-gnutls at gnu.org
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>
More information about the Gnutls-help
mailing list