[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Purpose of gnutls_credentials_set
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: Purpose of gnutls_credentials_set |
|
Date: |
Sun, 20 Jun 2010 21:13:02 +0200 |
|
User-agent: |
Thunderbird 2.0.0.24 (X11/20100411) |
Florian Weimer wrote:
> * Nikos Mavrogiannopoulos:
>
>> After or during the handshake (with a callback that I don't remember
>> its name) you should verify the certificate chain received by peer.
>> For that you can use gnutls_certificate_verify_peers2(). Could you
>> suggest the points in documentation that were not clear for you, so we
>> can correct them? The problem when I read the documentation is that I
>> know everything :) that needs to be done thus such things are easy to
>> miss.
> gnutls_certificate_set_x509_key, gnutls_certificate_set_x509_key_mem,
> gnutls_certificate_set_x509_key_file should mention that they are only
> relevant to the server side, and that on the client side,
> gnutls_certificate_client_set_retrieve_function has to be used to
> install a callback which provides the certificate to send to the
> server.
Hi,
Actually those functions you mention are valid for both client and
server side. The callback is optional and suitable for the case where
you might not initially know which certificate to load.
regards,
Nikos