After or during the handshake (with a callback whose name I don't remember) you should verify the certificate chain received from the peer. For that you can use gnutls_certificate_verify_peers2(). Could you suggest the points in the documentation that were not clear to you, so we can correct them? The problem when I read the documentation is that I know everything :) that needs to be done, thus such things are easy to miss.
regards,
Nikos

On Fri, Jun 4, 2010 at 10:32 AM, Florian Weimer <[email protected]> wrote:
> I'm somewhat mystified what this function (and the surrounding
> constructs) is supposed to do. I'm calling
> gnutls_certificate_set_x509_trust_mem and
> gnutls_certificate_set_x509_key in the client, but in itself, that
> does not cause failures when connecting to a server which presents the
> wrong certificate, nor does it cause the client to send along a
> certificate (for that, I've found that I have to install a callback
> using gnutls_certificate_client_set_retrieve_function). For
> certificate verification to happen, it seems that I need to call
> gnutls_certificate_verify_peers2 (or implement some sort of
> verification manually).
>
> Perhaps this could be clarified in the documentation?
>
> --
> Florian Weimer <[email protected]>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
>
> _______________________________________________
> Help-gnutls mailing list
> [email protected]
> http://lists.gnu.org/mailman/listinfo/help-gnutls
