Re: [Help-gnutls] handshaking gnuTLS 0.2.90

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnutls] handshaking gnuTLS 0.2.90

From:	Florent Jugla
Subject:	Re: [Help-gnutls] handshaking gnuTLS 0.2.90
Date:	13 Dec 2001 10:41:47 +0100

On Wed, 2001-12-12 at 11:47, Nikos Mavroyanopoulos wrote:
> On 11 Dec 2001 11:40:51 +0100 Florent Jugla <address@hidden> wrote:
> 
> > Hi,
> > I try to use the GnuTLS library. 
> > In a first time, I was using the 0.2.2 version - I had just one problem
> > when doing client authentication : the certificate of a client was
> > accepted, but the server did not know the CA of the client ??
> The server only knows the CAs you provide him (using 
> gnutls_x509pki_set_server_trust()
> or the equivalent in 0.2.2.
> 
In that case, the server knew a given CA, (let's call it ca1), but the
certificate of the client was signed by another CA (ca2). When the
client sent its certificate, this certificate was accepted by the
server. Have I got to do a special check in the server implementation in
order to verify that my server knows the CA the certificate of the
client was signed with ?

> 
> > So, I decided to upgrade the library version and to use the last 0.2.90
> 0.2.9x versions are there for testing purposes. You'd better wait for 0.3.0
> or get 0.2.11.
> 
ok, I tried to use the CVS version, but when I make the project, a file
is missing (.ltconfig). Do you know what the problem is ?

> > from one version to the other. Anyway, I could achieve my compilation ;
> > but now, nothing is working. When I just do a server authentication
> > (i.e, just the server has a certificate), the handshake do not complete.
> What's the error code returned? Do the examples in the documentation work?
> The logs you attached showed no fatal error in gnutls. Do you handle the
> returned error codes properly?

I did not test the examples in the documentation. I will check the error
code returned (not today)

Thank you
Florent Jugla

> 
> > Any idea ? Thank you
> > Florent
> 
> > -- 
> > Florent Jugla / Easter-Eggs              Spιcialiste GNU/Linux
> > 44-46 rue de l'Ouest  -  75014 Paris  -  France -  Mιtro Gaitι
> > Phone: +33 (0) 1 43 35 00 37    -   Fax: +33 (0) 1 43 35 00 76
> > mailto:address@hidden   -   http://www.easter-eggs.com
> 
> -- 
> Nikos Mavroyanopoulos
> mailto:address@hidden
-- 
Florent Jugla / Easter-Eggs              Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris  -  France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -   Fax: +33 (0) 1 43 35 00 76
mailto:address@hidden   -   http://www.easter-eggs.com

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnutls] handshaking gnuTLS 0.2.90, Florent Jugla, 2001/12/11
- Re: [Help-gnutls] handshaking gnuTLS 0.2.90, Nikos Mavroyanopoulos, 2001/12/12
  - Re: [Help-gnutls] handshaking gnuTLS 0.2.90, Florent Jugla <=
    - Re: [Help-gnutls] handshaking gnuTLS 0.2.90, Nikos Mavroyanopoulos, 2001/12/13

Prev by Date: Re: [Help-gnutls] handshaking gnuTLS 0.2.90
Next by Date: Re: [Help-gnutls] handshaking gnuTLS 0.2.90
Previous by thread: Re: [Help-gnutls] handshaking gnuTLS 0.2.90
Next by thread: Re: [Help-gnutls] handshaking gnuTLS 0.2.90
Index(es):
- Date
- Thread