gnutls-devel

[gnutls-dev] generate_rdn_seq() collects CA's issuers, why?


From: Max Kellermann
Subject: [gnutls-dev] generate_rdn_seq() collects CA's issuers, why?
Date: Tue, 12 Dec 2006 18:50:17 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

Hi,

I'm currently hunting a tricky problem in my gnutls application; the
client refuses to send any certificates to the server.  I tracked it
all down to generate_rdn_seq(), which does not add the CA's DNs to the
rdn_seq, but adds the CA's issuer's DNs.

Why that?

The CAs are being trusted, not the CA's issuers.  Now my client only
sees the root CA, which did not sign his client certificate (Root CA
-> client CA -> client certificate) - which is why the client will not
send any certificate.

Two experiments resulted in a success (which should not be):

- first, I added another client certificate to the server's trusted
  "CAs", now the client would see his own issuer in the list and sent
  his own certificate

- second, I modified generate_rdn_seq() to call
  _gnutls_x509_crt_get_raw_dn() instead of
  _gnutls_x509_crt_get_raw_issuer_dn() - the same: everything works
  fine.

If I'm correct and if this is really a bug in gnutls, I believe my
second experiment is a solution for the gnutls bug.

Max
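
The behaviour described in this message, reduced to a small model. This is an added example, not code from the original post or from GnuTLS: the struct, function and DN names are hypothetical, and DNs are plain strings here, whereas the real code handles raw DER-encoded DNs.

```c
/* Simplified model of the CertificateRequest DN list (added example,
 * not GnuTLS code). All names and DN values below are constructed. */
#include <stdio.h>
#include <string.h>

struct cert { const char *subject_dn; const char *issuer_dn; };

enum dn_source { USE_ISSUER_DN, USE_SUBJECT_DN };

/* Server side: build the DN list advertised to the client from the
 * trusted CA list. Returns the number of entries written. */
static size_t build_rdn_seq(const struct cert *trusted, size_t n,
                            enum dn_source src, const char **out)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (src == USE_ISSUER_DN) ? trusted[i].issuer_dn
                                        : trusted[i].subject_dn;
    return n;
}

/* Client side: offer the certificate only if its issuer is in the list. */
static int client_sends_cert(const struct cert *client,
                             const char **rdn_seq, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(client->issuer_dn, rdn_seq[i]) == 0)
            return 1;
    return 0;
}

/* Constructed chain: Root CA -> client CA -> client certificate. */
static const struct cert client_ca   = { "CN=Client CA", "CN=Root CA" };
static const struct cert client_cert = { "CN=client", "CN=Client CA" };

/* Run one scenario; returns 1 if the client offers its certificate. */
static int scenario(enum dn_source src, int trust_client_cert_too)
{
    struct cert trusted[2] = { client_ca, client_cert };
    const char *seq[2];
    size_t n = build_rdn_seq(trusted, trust_client_cert_too ? 2 : 1, src, seq);
    return client_sends_cert(&client_cert, seq, n);
}

int main(void)
{
    printf("issuer DNs, CA only:       %d\n", scenario(USE_ISSUER_DN, 0));
    printf("issuer DNs, + client cert: %d\n", scenario(USE_ISSUER_DN, 1));
    printf("subject DNs, CA only:      %d\n", scenario(USE_SUBJECT_DN, 0));
    return 0;
}
```

The three scenarios correspond to the reported failure, the first experiment (client certificate added to the trusted list) and the second experiment (subject DN used instead of issuer DN).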
