[gnutls-help] Cert retrieve callback question
Lavrentiev, Anton (NIH/NLM/NCBI) [C]
lavr at ncbi.nlm.nih.gov
Fri Apr 24 23:20:43 CEST 2015
Hi,
I have code that sets cert retrieval callback with gnutls_certificate_set_retrieve_function2(),
and from within that callback checks whether the server required the certificate by calling:
gnutls_certificate_client_get_request_status() and expecting "non-zero". Looks like
the latter returns 0 there, even though I see "CERTIFICATE REQUEST(13)" while looking
at debug output:
...
04/24/15 16:55:39 GNUTLS3: HSK[0x150df00]: CERTIFICATE (11) was received. Length 3915[3915], frag offset 0, frag length: 3915, sequence: 0
04/24/15 16:55:39 3 certificates received from server <-- That's my code reports from a cert verify callback
...
04/24/15 16:55:39 GNUTLS4: REC[0x150df00]: SSL 3.3 Handshake packet received. Epoch 0, length: 6010
...
04/24/15 16:55:39 GNUTLS6: BUF[REC]: Inserted 6010 bytes of Data(22)
04/24/15 16:55:39 GNUTLS3: HSK[0x150df00]: CERTIFICATE REQUEST (13) was received. Length 6006[6006], frag offset 0, frag length: 6006, sequence: 0
04/24/15 16:55:39 GNUTLS3: EXT[0x150df00]: rcvd signature algo (2.1) RSA-SHA1
04/24/15 16:55:39 Server does not require client authentication <-- This is my output when gnutls_certificate_client_get_request_status() returns 0
04/24/15 16:55:39 Server's 44 trusted certificate authorities: <-- There's 44 CAs sent by the server, nonetheless (it's in the retrieve callback, too)
...
What I'm missing here?
Thanks,
Anton Lavrentiev
Contractor NIH/NLM/NCBI
More information about the Gnutls-help
mailing list