[gnutls-help] CRL revoked certs ignored

Dark Victorian Spirit debian-user+Etherape at kernelbug.org
Mon Apr 20 14:10:46 CEST 2015


Cool! That's clear.
In the gnutls-cli command I can't find how to send a certificate.
Which option should be used for that?

On Mon, Apr 20, 2015 at 01:11:24PM +0200, Nikos Mavrogiannopoulos wrote:
> On Mon, Apr 20, 2015 at 1:18 PM,  <gnutls+etherape at kernelbug.org> wrote:
> > Hmm, I see I didn't put the last working CRL generate command there, this is what I did yesterday,
> >
> > certtool --generate-crl --load-ca-privkey=ca-key.pem \
> >          --load-ca-certificate=ca-cert.pem \
> >          --load-certificate lrc-ldap_client.gnutls.crt \
> >          --outfile=crl.pem
> > So lrc-ldap_client.gnutls.crt should be revoked, right?
> 
> Correct.
> 
> > * Accepted connection from IPv4 10.50.2.12 port 48559 on Mon Apr 20 13:06:31 2015
> > - Description: (TLS1.2)-(ECDHE-RSA-SECP192R1)-(AES-128-GCM)
> > - Session ID: 13:74:51:E3:69:B6:CB:02:07:38:A1:A8:40:42:00:70:BF:A4:98:C4:BC:D7:FE:F8:D4:7E:B0:86:A7:8F:ED:23
> > - Given server name[1]: lrc-ldap
> > No certificates found!
> > - Ephemeral EC Diffie-Hellman parameters
> >  - Using curve: SECP192R1
> >  - Curve size: 192 bits
> > - Version: TLS1.2
> > - Key Exchange: ECDHE-RSA
> > - Server Signature: RSA-SHA256
> > - Cipher: AES-128-GCM
> > - MAC: AEAD
> > - Compression: NULL
> > - Channel binding 'tls-unique': 17480355da49f20e21775f7c
> > It's interesting that the server now says 'No certificates found!' I don't know if this has something to do with the revocation.
> > But still I'm able to write data to the server which is received.
> 
> That message means that the client didn't send any certificates. Use
> "-r" on gnutls-serv to force the client send its certificate.
> 
> regards,
> Nikos
> 
> _______________________________________________
> Gnutls-help mailing list
> Gnutls-help at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/gnutls-help
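Added example, not part of the thread and not GnuTLS project code: the script below reproduces the revocation flow discussed above offline with certtool, so one can confirm the CRL actually lists the client certificate before blaming gnutls-serv. It builds a throw-away CA, issues a client certificate, revokes it with the same --generate-crl form quoted in the thread (plus a template so certtool does not prompt), then checks two things: that the certificate's serial appears in the CRL, and that certtool --verify rejects the certificate once the CRL is loaded. The template contents, the "Demo CA" / "revoked-client" names and all file names are constructed for this demo. To answer the question at the top of the message: gnutls-cli presents a client certificate when given --x509certfile and --x509keyfile, and gnutls-serv needs --x509crlfile (and -r / --require-client-cert) for the CRL to matter; those invocations are shown in the comment at the end.

```shell
#!/bin/sh
# Added example: verify that a certificate revoked with certtool --generate-crl
# really is listed in the CRL and is rejected when the CRL is used for
# verification. Needs certtool (GnuTLS). All names/files are constructed.
set -eu

check_crl_revocation() {
    if ! command -v certtool >/dev/null 2>&1; then
        echo "certtool not installed; skipping demo" >&2
        return 0
    fi
    work=$(mktemp -d)
    (
        cd "$work"
        # Constructed certtool templates: a CRL-signing CA, a TLS client cert,
        # and CRL parameters (nextUpdate in days, CRL number) so no prompts appear.
        printf 'cn = "Demo CA"\nca\ncert_signing_key\ncrl_signing_key\nexpiration_days = 3650\n' > ca.tmpl
        printf 'cn = "revoked-client"\ntls_www_client\nsigning_key\nencryption_key\nexpiration_days = 365\n' > client.tmpl
        printf 'crl_next_update = 30\ncrl_number = 1\n' > crl.tmpl

        certtool --generate-privkey --outfile ca-key.pem >/dev/null 2>&1
        certtool --generate-self-signed --load-privkey ca-key.pem \
            --template ca.tmpl --outfile ca-cert.pem >/dev/null 2>&1
        certtool --generate-privkey --outfile client-key.pem >/dev/null 2>&1
        certtool --generate-certificate --load-privkey client-key.pem \
            --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem \
            --template client.tmpl --outfile client-cert.pem >/dev/null 2>&1

        # Same form as the command quoted in the thread: revoke client-cert.pem.
        certtool --generate-crl --load-ca-privkey ca-key.pem \
            --load-ca-certificate ca-cert.pem \
            --load-certificate client-cert.pem \
            --template crl.tmpl --outfile crl.pem >/dev/null 2>&1

        # Check 1: the client certificate's serial must appear in the CRL.
        serial=$(certtool --certificate-info --infile client-cert.pem \
            | sed -n 's/.*Serial Number (hex): *//p' | head -n 1)
        [ -n "$serial" ] || { echo "could not read certificate serial" >&2; exit 1; }
        if ! certtool --crl-info --infile crl.pem | grep -q "Serial Number (hex): *$serial"; then
            echo "serial $serial is NOT listed in crl.pem" >&2
            exit 1
        fi

        # Check 2: with the CRL loaded, verification of the revoked cert must fail.
        if certtool --verify --load-ca-certificate ca-cert.pem \
            --load-crl crl.pem --infile client-cert.pem >/dev/null 2>&1; then
            echo "revoked certificate was still accepted" >&2
            exit 1
        fi
        echo "OK: serial $serial is revoked and verification fails as expected"
    )
    status=$?
    rm -rf "$work"
    return $status
}

# For reference (not run here): the same CRL applied to a live handshake.
#   gnutls-serv -r --x509cafile ca-cert.pem --x509crlfile crl.pem \
#       --x509certfile server-cert.pem --x509keyfile server-key.pem
#   gnutls-cli --x509cafile ca-cert.pem \
#       --x509certfile client-cert.pem --x509keyfile client-key.pem localhost
# Without -r the server never asks for the client certificate ("No
# certificates found!"), so the CRL is never consulted.

check_crl_revocation
```

If the first check fails, the CRL was generated from a different certificate than the one the client presents; if only the second fails, the CRL is not being honoured by the verifier and the certtool version is worth checking.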
