Hi Nikos, inline...

On Wed, May 21, 2008 at 1:35 PM, Nikos Mavrogiannopoulos <[EMAIL PROTECTED]> wrote:
> Rainer Gerhards wrote:
>> Hi list,
>>
>> me again ;) I have a server and client, both with self-signed
>> certificates and no common root CA. My server requests the client's
>> certificate. However, it does not receive one when there is no common
>> root CA. If I add a common root CA to both client and server (but
>> still have self-signed certs NOT signed by the common CA), I receive
>> the client certificate.
>> Is this desired behavior (I think I read it is, but can no longer find
>> the doc page where it is described).
>
> Yes this is the desired behavior. That is because the server requests
> certificates only from the CAs he trusts.

That makes an awful lot of sense ;)

>
>> If so, is there any way around it
>> (e.g. via the certificate retrieve functions)?
>
> 1. Include the client CA certificate into the server trusted CA list
>
> 2. (hack)
> You should use the callback functions in client so that you can send any
> certificate that you like regardless of what the server requests (check
> gnutls-cli code).

I'll go for 2, as I need to support self-signed certs (again, the fingerprint issue).

Thanks again for your help,
Rainer
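With option 2 the server receives a self-signed certificate it cannot validate against a CA, so it has to authenticate the peer another way, such as the fingerprint comparison mentioned above. The following is an added example, not code from this thread or from GnuTLS: a fail-closed check of a peer certificate's SHA-256 digest against colon-separated pinned fingerprints. It assumes the caller has already obtained the digest from the TLS library (for instance with `gnutls_x509_crt_get_fingerprint`); the function names, `FP_LEN` and the pin format are assumptions made for the example.

```c
#include <stddef.h>

#define FP_LEN 32  /* SHA-256 digest length in bytes (assumed pin type) */

/* Decode one hex digit; returns -1 for anything else, including NUL. */
static int hex_val(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse "AB:CD:..." (exactly FP_LEN colon-separated bytes) into out.
 * Returns 0 on success, -1 on short, long or otherwise malformed input. */
int parse_fingerprint(const char *s, unsigned char out[FP_LEN]) {
    for (size_t i = 0; i < FP_LEN; i++) {
        int hi = hex_val(s[0]);
        int lo = hi < 0 ? -1 : hex_val(s[1]);  /* never read past a NUL */
        if (hi < 0 || lo < 0) return -1;
        out[i] = (unsigned char)((hi << 4) | lo);
        s += 2;
        if (i + 1 < FP_LEN && *s++ != ':') return -1;
    }
    return *s == '\0' ? 0 : -1;
}

/* Compare without an early exit so timing does not reveal how many bytes matched. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= a[i] ^ b[i];
    return diff == 0;
}

/* Returns 1 if the peer digest equals any well-formed pin, else 0.
 * Fails closed: malformed pins never match, a wrong-length digest is rejected. */
int peer_is_pinned(const unsigned char *digest, size_t digest_len,
                   const char *const *pins, size_t npins) {
    unsigned char want[FP_LEN];
    int ok = 0;
    if (digest == NULL || digest_len != FP_LEN) return 0;
    for (size_t i = 0; i < npins; i++) {
        if (parse_fingerprint(pins[i], want) == 0)
            ok |= ct_equal(digest, want, FP_LEN);
    }
    return ok;
}
```

A server using this would call `peer_is_pinned` after the handshake and close the connection on a 0 result, since no chain validation backs the certificate.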
