[gnutls-help] Handshake failing by using gnutls library

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Mar 7 20:08:09 CET 2015

On Wed 2015-03-04 02:58:26 -0800, Priyaranjan Nayak wrote:

> I am using gnutls-3.3.13 version for tls communication. I have created
> three files by using below commands
> 1. certtool --generate-privkey --outfile key.pem
> 2. certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem
> 3. certtool --generate-crl --load-ca-privkey key.pem --load-ca-certificate cert.pem --outfile crl.pem

The above commands have to do with key generation.  Without more
information about the choices made during step 2, it's hard to tell if
it even makes sense to generate a CRL, though.  CRLs are only sensible
if the certificate is intended to certify other certificates.  Is that
the case?

> Now handshake is failing with "*** Handshake has failed (The request is
> invalid.)" message . Please suggest me how to do handshake properly and if
> anything wrong in the .pem file generation .

There isn't enough information here to help you, i think.  how are you
trying to connect?  are you using GnuTLS for both sides of the
connection (client and server)?  if not, what is providing TLS support
on the side that gnutls isn't handling?  The more specific you can be
about how GnuTLS is being used, the better we'll be able to help you
figure out what's going wrong.  It seems unlikely to be related just to
the certtool steps you laid out above.


More information about the Gnutls-help mailing list