[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificate Request State
From: |
Simon Josefsson |
Subject: |
Re: Certificate Request State |
Date: |
Wed, 29 Jul 2009 21:01:39 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.96 (gnu/linux) |
Nikos Mavrogiannopoulos <address@hidden> writes:
> Peter Hendrickson wrote:
>> Running GnuTLS 2.8.1 under Ubuntu 9.04, I find that
>> gnutls_certificate_client_get_request_status() falsely reports that no
>> client certificate was requested, even when there was a request. (The
>> server code is supposed to be asking for a certificate, it
>> successfully verifies the client certificate, and I can see the
>> certificate request packet to the client and the client sending its
>> certificate.)
>>
>> Watching in the debugger, it appears that when the "Certificate
>> Request" handshake packet arrives at the client from the server, the
>> client sets session->key->certificate_requested to 1 in
>> auth_cert.c:_gnutls_proc_cert_cert_req().
>>
>> The problem seems to lie in gnutls_certificate_client_get_request_status()
>> itself.
>
> Corrected thanks. I also don't remember why this is like that. It must
> have been some incomplete attempt to move this variable from the key to
> auth_info structure.
Thanks for report Peter. I added a NEWS entry about this:
** libgnutls: Fix return value of gnutls_certificate_client_get_request_status.
Before it always returned false. Reported by Peter Hendrickson
<address@hidden> in
<http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3668>.
And also back-ported it to GnuTLS 2.8.x, it seemed like a obvious and
safe fix.
/Simon