
[Help-gnutls] Re: Using the gnutls_sign_callback_set method


From: Simon Josefsson
Subject: [Help-gnutls] Re: Using the gnutls_sign_callback_set method
Date: Mon, 18 May 2009 11:52:53 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.93 (gnu/linux)

<address@hidden> writes:

> Hi everybody
>
> We're trying to get gnutls to work with a cryptographic
> token. Therefore I've had a look at the gnutls_sign_callback_set
> method. What I don't understand is: At which point is the method
> called that I'm passing to gnutls_sign_callback_set?

During the call to gnutls_handshake.

See the self-test tests/x509signself.c, it forks a server and client
that talk to each other using the sign callback, without any private
key being available elsewhere in the code.

> I've tried it out by doing this:
...
>   
> gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

I think this is your problem: you need to set a NULL keyfile.  Otherwise
you supply the library with a private key, so it will use that instead
of invoking the callback.  From the x509signself.c code:

  gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
                                       GNUTLS_X509_FMT_PEM);

I think the example looks fine otherwise, although I didn't try to run
it.

/Simon



