Re: Purpose of gnutls_credentials_set

[Nikos Mavrogiannopoulos]

After or during the handshake (with a callback that I don't remember
its name) you should verify the certificate chain received by peer.
For that you can use gnutls_certificate_verify_peers2(). Could you
suggest the points in documentation that were not clear for you, so we
can correct them? The problem when I read the documentation is that I
know everything :) that needs to be done thus such things are easy to
miss.

regards,
Nikos

On Fri, Jun 4, 2010 at 10:32 AM, Florian Weimer <address@hidden> wrote:
> I'm somewhat mystified what this function (and the surrounding
> constructs) is supposed to do.  I'm calling
> gnutls_certificate_set_x509_trust_mem and
> gnutls_certificate_set_x509_key in the client, but in itself, that
> does not cause failures when connecting to a server which presents the
> wrong certificate, nor does it cause the client to send along a
> certificate (for that, I've found that I have to install a callback
> using gnutls_certificate_client_set_retrieve_function).  For
> certificate verification to happen, it seems that I need to call
> gnutls_certificate_verify_peers2 (or implement some sort of
> verification manually).
>
> Perhaps this could be clarified in the documentation?
>
> --
> Florian Weimer                <address@hidden>
> BFK edv-consulting GmbH       http://www.bfk.de/
> Kriegsstraße 100              tel: +49-721-96201-1
> D-76133 Karlsruhe             fax: +49-721-96201-99
>
> _______________________________________________
> Help-gnutls mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/help-gnutls
>