gnutls-devel

Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice


From: Nikos Mavrogiannopoulos
Subject: Re: iDevice GnuTLS issue with iOS 4.2 - libimobiledevice
Date: Sat, 27 Nov 2010 06:07:07 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10

On 11/26/2010 09:39 PM, Nikias Bassen wrote:

>> No. They are functions for the one that wants to use a certificate (it can be
>> either server or client). The only distinction between server and client in
>> gnutls is being done in gnutls_init(). Most of the other functions are
>> applicable to both unless they mention otherwise in the description.
> I made dumps with OpenSSL (succeeding) and GnuTLS (failing) and found out that
> the GnuTLS code fails because it can't find a certificate. It sends the
> following packet to the device, instead of the certificate (like openssl does)

If you use gnutls_certificate_set_x509_key_file() then it will send a
certificate to the server if the server requests a CA that matches the
one in the certificate (you can check which one the server requested by
viewing the transaction in wireshark).

An alternative way, with which you can force sending a certificate even if
the server didn't request one, is to use the certificate callback
function. See the example in:
http://www.gnu.org/software/gnutls/manual/html_node/Using-a-callback-to-select-the-certificate-to-use.html#Using-a-callback-to-select-the-certificate-to-use


regards,
Nikos
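
The check described in the message above (which CA the server requested, compared with the issuer of the client certificate), as an added example that is not part of the original message and is not GnuTLS code. It assumes the TLS 1.0/1.1 CertificateRequest layout, byte-for-byte DN comparison, and constructed sample bytes; `issuer_requested` and the sample names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TLS 1.0/1.1 CertificateRequest body (RFC 2246, 7.4.4):
 *   uint8 n_types; uint8 types[n_types];
 *   uint16 cas_len; then repeated { uint16 dn_len; uint8 dn[dn_len]; }
 * Returns 1 if issuer_dn is listed, 0 if not, -1 if malformed; *n_cas gets
 * the number of CAs listed. DNs are compared byte for byte (assumption). */
int issuer_requested(const uint8_t *msg, size_t len, const uint8_t *issuer_dn,
                     size_t issuer_len, int *n_cas)
{
    size_t pos, end;
    int found = 0;
    *n_cas = 0;
    if (len < 1 || (size_t)msg[0] + 3 > len)
        return -1;                      /* no room for types + cas_len */
    pos = 1 + (size_t)msg[0];
    end = pos + 2 + (((size_t)msg[pos] << 8) | msg[pos + 1]);
    pos += 2;
    if (end != len)
        return -1;                      /* list length disagrees with body */
    while (pos < end) {
        size_t dn_len;
        if (end - pos < 2) return -1;
        dn_len = ((size_t)msg[pos] << 8) | msg[pos + 1];
        pos += 2;
        if (dn_len == 0 || dn_len > end - pos)
            return -1;                  /* DN runs past the list */
        if (dn_len == issuer_len && memcmp(msg + pos, issuer_dn, dn_len) == 0)
            found = 1;
        pos += dn_len;
        (*n_cas)++;
    }
    return found;                       /* an empty list also yields 0 here */
}

/* Constructed sample data: DER Names "CN=A" and "CN=B". */
static const uint8_t DN_A[] = {0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,'A'};
static const uint8_t DN_B[] = {0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,'B'};
/* Constructed requests: one type (rsa_sign) with CA "CN=A"; one with no CAs. */
static const uint8_t SAMPLE_REQ[] = {0x01,0x01, 0x00,0x10, 0x00,0x0E,
    0x30,0x0C,0x31,0x0A,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x13,0x01,'A'};
static const uint8_t EMPTY_REQ[] = {0x01,0x01, 0x00,0x00};

int main(void)
{
    int n, r = issuer_requested(SAMPLE_REQ, sizeof SAMPLE_REQ, DN_B, sizeof DN_B, &n);
    printf("%d CA(s) requested, issuer listed: %d\n", n, r);
    return 0;
}
```

A result of 0 is the situation the message describes, where no requested CA matches the certificate and the certificate callback is the way to send one anyway. How GnuTLS itself treats an empty CA list is not stated in the message.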


