help-gnutls

Re: [Help-gnutls] client certificate not provided when no common root ca


From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] client certificate not provided when no common root ca
Date: Wed, 21 May 2008 14:35:33 +0300
User-agent: Thunderbird 2.0.0.14 (X11/20080505)

Rainer Gerhards wrote:
> Hi list,
> 
> me again ;) I have a server and client, both with self-signed
> certificates and no common root CA. My server requests the client's
> certificate. However, it does not receive one when there is no common
> root CA. If I add a common root CA to both client and server (but
> still have self-signed certs NOT signed by the common CA), I receive
> the client certificate.
> Is this desired behavior (I think I read it is, but can no longer find
> the doc page where it is described)?

Yes, this is the desired behavior. That is because the server requests
certificates only from the CAs it trusts.

> If so, is there any way around it
> (e.g. via the certificate retrieve functions)?

1. Include the client CA certificate in the server's trusted CA list.

2. (hack)
You should use the callback functions in the client so that you can send any
certificate that you like regardless of what the server requests (check
the gnutls-cli code).

regards,
Nikos
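
The reply above says the server requests certificates only from the CAs it trusts. As an added illustration (not part of the original message and not GnuTLS code), this C example parses the `certificate_authorities` list that carries those CA names in a CertificateRequest and checks whether a given issuer name is on it. It assumes the TLS 1.2 message layout from RFC 5246; the function names and sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct dn { const uint8_t *der; size_t len; };   /* one DER-encoded CA name */

/* Constructed sample data: DER names "CN=A" and "CN=B", and a request body
 * offering rsa_sign, one (sha256, rsa) pair and the single CA name "CN=A". */
const uint8_t DN_A[] = {0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0c,0x01,0x41};
const uint8_t DN_B[] = {0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0c,0x01,0x42};
const uint8_t SAMPLE_REQ[] = {0x01,0x01, 0x00,0x02,0x04,0x01, 0x00,0x10, 0x00,0x0e,
    0x30,0x0c,0x31,0x0a,0x30,0x08,0x06,0x03,0x55,0x04,0x03,0x0c,0x01,0x41};

static size_t rd16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Parse a TLS 1.2 CertificateRequest body and store its CA names in out.
 * Returns the number of names (0 means the server named no CA), or -1 if
 * the body is truncated, malformed, or holds more than max names. */
int parse_cert_request(const uint8_t *b, size_t n, struct dn *out, int max)
{
    size_t off = 0, len, end;
    int count = 0;

    if (n < 1) return -1;
    len = b[off]; off += 1;                  /* certificate_types<1..2^8-1> */
    if (len < 1 || len > n - off) return -1;
    off += len;
    if (n - off < 2) return -1;
    len = rd16(b + off); off += 2;           /* supported_signature_algorithms */
    if (len > n - off) return -1;
    off += len;
    if (n - off < 2) return -1;
    len = rd16(b + off); off += 2;           /* certificate_authorities */
    if (len != n - off) return -1;           /* must fill the rest of the body */
    end = off + len;
    while (off < end) {                      /* each name: 2-byte length + DER */
        if (end - off < 2) return -1;
        len = rd16(b + off); off += 2;
        if (len < 1 || len > end - off || count == max) return -1;
        out[count].der = b + off; out[count].len = len;
        count++; off += len;
    }
    return count;
}

/* Returns 1 if issuer (DER) is byte-for-byte one of the listed CA names. */
int ca_listed(const struct dn *cas, int n, const uint8_t *issuer, size_t len)
{
    for (int i = 0; i < n; i++)
        if (cas[i].len == len && memcmp(cas[i].der, issuer, len) == 0) return 1;
    return 0;
}
```
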
