[gnutls-help] Obtain CN from session certificate

Jordi Blasi Uribarri jblasi at nextel.es
Mon Jan 16 09:12:53 CET 2017


I am trying to adapt some other developers project and my understanding of the process is not complete. I have compiled and run the FreeCoap project that uses GNUTLS to stablish a DTLS session to comunicate between peers. At the present, the code negotiates the keys using x.509 certificates and sends information correctly. The keys are generated with the following command:

certtool --generate-privkey --ecc --curve secp256r1 --outfile client_privkey.pem
certtool --generate-certificate --ecc --curve secp256r1 --template client_template.txt --outfile client_cert.pem --load-privkey client_privkey.pem --load-ca_certificate root_client_cert.pem --load-ca-privkey root_client_privkey.pem

being the client_template.txt content this:


What I want is to obtain in the code the information relative to the requester, this means, the cn, unit, and organization.

After succesfully negotiating the handshake I see that I have a gnutls_session_t object available, that I understand should contain this information. I see that it obtains different values using different methods:

gnutls_session_t session;
gnutls_cipher_algorithm_t cipher = 0;
gnutls_mac_algorithm_t mac = 0;
gnutls_kx_algorithm_t kx = 0;
const char *cipher_suite = NULL;
kx = gnutls_kx_get(session);
cipher = gnutls_cipher_get(session);
mac = gnutls_mac_get(session);
cipher_suite = gnutls_cipher_suite_get_name(kx, cipher, mac);

I have been navigating through the gnutls man pages but I have not found a way to obtain this information. Any idea of how to get to it? I am missunderstanding something?

Thanks for your help,

Jordi Blasi Uribarri
Área I+D+i

jblasi at nextel.es
Oficina Bilbao

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170116/81312fd3/attachment.html>

More information about the Gnutls-help mailing list