[gnutls-help] Couple of questions about gnutls lib usage.

Jonathan Roudiere jonathan.roudiere at gmail.com
Mon Sep 23 10:17:49 CEST 2013


Hi Nikos,

>> - In case where I set a certificate and a key (through
>> gnutls_certificate_set_x509_key*)
>> in a credential struct there is a function/way to add certificates to
>> provide them with the first
>> certificate (to build chain) ?
>
> I don't quite understand the question. You mean if you provide an
> incomplete chain whether you can fill it in later? If that is the
> question, that isn't possible.

Yes, that's the question. ok ...

>> - With dh is a new key is generated for every new ssl session ? or
>> only once for the
>> current cred and parameter pair ? In this latter case can I
>> change/control this behavior ?
>
> A new key is generated on every session to maintain the perfect forward
> secrecy requirements. You cannot change that, but why would you want to
> do it differently? If performance is an issue then you could use
> specially crafted groups (as generated by certtool) that use a prime of
> a certain type that allows for keys of smaller size (and thus much
> faster exponentiation).

Ok, that's exactly the behavior I want, it was just to be sure.

> regards,
> Nikos
>

Thank you,

Regards,
Joe



More information about the Gnutls-help mailing list