[gnutls-help] Obtain CN from session certificate

Jordi Blasi Uribarri jblasi at nextel.es
Tue Jan 17 15:48:06 CET 2017


I got the code from one of those examples, and on reaching the gnutls_certificate_get_peers function I get a "No certificate was found" error.

    cert_list = gnutls_certificate_get_peers(trans->session, &cert_list_size);
    if (cert_list == NULL) {
        coap_log_error("No certificate was found!\n");
        return -1;
    }


The client goes through the following steps. I removed error control and extra code for simplicity.

    ret = gnutls_global_init();
    ret = gnutls_certificate_allocate_credentials(&client->cred);
    ret = gnutls_certificate_set_x509_trust_file(client->cred, trust_file_name, GNUTLS_X509_FMT_PEM);
    ret = gnutls_certificate_set_x509_crl_file(client->cred, crl_file_name, GNUTLS_X509_FMT_PEM);
    ret = gnutls_certificate_set_x509_key_file(client->cred, cert_file_name, key_file_name, GNUTLS_X509_FMT_PEM);
    ret = gnutls_priority_init(&client->priority, COAP_CLIENT_DTLS_PRIORITIES, NULL);
    ret = gnutls_init(&client->session, GNUTLS_CLIENT | GNUTLS_DATAGRAM | GNUTLS_NONBLOCK);
    ret = gnutls_credentials_set(client->session, GNUTLS_CRD_CERTIFICATE, client->cred);
    ret = gnutls_priority_set(client->session, client->priority);

    gnutls_transport_set_ptr(client->session, client);
    gnutls_transport_set_pull_function(client->session, coap_client_dtls_pull_func);
    gnutls_transport_set_pull_timeout_function(client->session, coap_client_dtls_pull_timeout_func);
    gnutls_transport_set_push_function(client->session, coap_client_dtls_push_func);
    gnutls_dtls_set_mtu(client->session, COAP_CLIENT_DTLS_MTU);
    gnutls_dtls_set_timeouts(client->session, COAP_CLIENT_DTLS_RETRANS_TIMEOUT, COAP_CLIENT_DTLS_TOTAL_TIMEOUT);

    ret = gnutls_handshake(client->session);

I have been checking with another client example in the manual and I see nowhere I am doing things differently.

Any idea where my mistake is?

Thanks.

    Jordi

-----Original Message-----
From: Gnutls-help [mailto:gnutls-help-bounces at lists.gnutls.org] On behalf of Nikos Mavrogiannopoulos
Sent: Monday, 16 January 2017 19:35
To: gnutls-help at lists.gnutls.org
Subject: Re: [gnutls-help] Obtain CN from session certificate

On Mon, 2017-01-16 at 08:12 +0000, Jordi Blasi Uribarri wrote:
> Hi,
>  
> I am trying to adapt some other developer's project and my 
> understanding of the process is not complete. I have compiled and run 
> the FreeCoap project that uses GNUTLS to establish a DTLS session to 
> communicate between peers. At present, the code negotiates the keys 
> using X.509 certificates and sends information correctly. The keys are 
> generated with the following command:
> [...]
> What I want is to obtain in the code the information relative to the 
> requester, that is, the CN, unit, and organization.

I'd suggest reading the manual. While extensive, it has quite a few examples. You'll need to get the peer's certificate and parse it. For a start, check gnutls_certificate_get_peers().

regards,
Nikos

