How to run the ex-serv-psk.c example

Nikos Mavrogiannopoulos nmav at
Fri Mar 2 19:37:04 CET 2012

On 03/02/2012 02:56 AM, Peter Penzov wrote:

> I'm trying to run the example ex-serv-psk.c from gnutls 3.0.14.
> I generated self signed certificate using these commands:
> certtool --generate-privkey --outfile key.pem
> certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
>  I compiled the examples ex-serv-psk.c and ex-client-psk.c. When I try to
> run them I get this error:
> [root at localhost test]# ./server
> Server ready. Listening to port '5556'.
> - connection from, port 38184
> *** Handshake has failed (The TLS connection was non-properly terminated.)

You can connect to the example server using gnutls-cli. The example
client requires to add "+PSK" to the priority string. I've corrected
it on the documentation.

> Is it do I need something else to run these examples?
> I modified some o
> #define KEYFILE "key.pem"
> #define CERTFILE "cert.pem"
> #define CAFILE "/etc/ssl/certs/ca-certificates.crt"
> #define CRLFILE "crl.pem"
> How I must create CAFILE and CRLFILE? I created self-signed certificate. Do
> I need these files in this case?

CAFILE and CRLFILE are not currently used in the currently supported
PSK ciphersuites so you could ignore them. I didn't remove them because
it is planned for the RSA-PSK ciphersuite to be added which will use


More information about the Gnutls-help mailing list