"known in advance" public key authentication?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Nov 14 18:17:45 CET 2012


On 11/13/2012 09:01 PM, Ivan Shmakov wrote:

>>>>>> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> 
> […]
> 
>  > You'll have to sign it using gnutls_x509_crt_privkey_sign ().  It is
>  > better the check the certtool source for other possible options.
> 
> 	ACK, thanks.
> 
> 	So, I've ended up with the code MIME'd.  Then, however,
> 	gnutls_handshake () fails with GNUTLS_E_PK_SIG_VERIFY_FAILED.
> 	Do I understand it correctly that such an error points to some
> 	bug in the certificate signing part?


It means that the TLS signature in the session cannot be verified using
the provided certificate. Could it be a mismatch between your
certificate and the private key? Did you try with certtool generated
certificates? I'd suggest to increase verbosity in order to find out
what is the actual reason of failure.

regards,
Nikos




More information about the Gnutls-help mailing list