Re: Purpose of gnutls_credentials_set

[Florian Weimer]

* Nikos Mavrogiannopoulos:

> Florian Weimer wrote:
>> * Nikos Mavrogiannopoulos:
>> 
>>> After or during the handshake (with a callback that I don't remember
>>> its name) you should verify the certificate chain received by peer.
>>> For that you can use gnutls_certificate_verify_peers2(). Could you
>>> suggest the points in documentation that were not clear for you, so we
>>> can correct them? The problem when I read the documentation is that I
>>> know everything :) that needs to be done thus such things are easy to
>>> miss.
>> gnutls_certificate_set_x509_key, gnutls_certificate_set_x509_key_mem,
>> gnutls_certificate_set_x509_key_file should mention that they are only
>> relevant to the server side, and that on the client side,
>> gnutls_certificate_client_set_retrieve_function has to be used to
>> install a callback which provides the certificate to send to the
>> server.
>
>  Hi,
> Actually those functions you mention are valid for both client and
> server side. The callback is optional and suitable for the case where
> you might not initially know which certificate to load.

But if I don't use the callback, the client does not actually send the
certificate, so I'm now totally confused. 8-)

-- 
Florian Weimer                <address@hidden>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99