help-gnutls

[Help-gnutls] Using the gnutls_sign_callback_set method


From: Tobias.Soder
Subject: [Help-gnutls] Using the gnutls_sign_callback_set method
Date: Fri, 15 May 2009 14:39:13 +0200

Hi everybody

We’re trying to get gnutls to work with a cryptographic token. Therefore I’ve had a look at the gnutls_sign_callback_set method. What I don’t understand is: at which point is the method called that I’m passing to gnutls_sign_callback_set?

I’ve tried it out by doing this:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <gnutls/gnutls.h>

char* testString;

/* Test callback: only records that it was reached. A real callback has to
   return 0 and leave a gnutls_malloc()'d signature in *signature; this stub
   returns an error instead, which aborts the handshake if it is ever called. */
int custom_gnutls_sign(gnutls_session_t session, void *userdata, gnutls_certificate_type_t cert_type, const gnutls_datum_t * cert, const gnutls_datum_t * hash, gnutls_datum_t * signature) {
  testString = "Changed!!\n";
  return GNUTLS_E_PK_SIGN_FAILED;
}

int main (void) {

  // … declarations

  testString = "Not changed!\n";

  gnutls_global_init();
  gnutls_certificate_allocate_credentials(&xcred);
  gnutls_certificate_set_x509_trust_file(xcred,CAFILE,GNUTLS_X509_FMT_PEM);
  gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

  /* initialize TLS session */
  gnutls_init(&session, GNUTLS_CLIENT);
  /* for doc about gnutls_priority_init read the man page */
  ret=gnutls_priority_set_direct(session,"PERFORMANCE",&err);
  if (ret<0)
    {
      if (ret==GNUTLS_E_INVALID_REQUEST)
        fprintf(stdout,"ERROR: Syntax error at %s\n",err);
      exit(1);
    }
  gnutls_credentials_set(session,GNUTLS_CRD_CERTIFICATE,xcred);

  /* Setting Callback */
  gnutls_sign_callback_set(session, custom_gnutls_sign, NULL);

  /* connect to peer */
  sd=tcp_connect();
  gnutls_transport_set_ptr(session,(gnutls_transport_ptr_t)sd);

  /* perform handshake */
  ret=gnutls_handshake(session);
  if(ret<0)
    {
      fprintf(stdout,"ERROR: Handshake failed\n");
      gnutls_perror(ret);
      goto end;
    }
  else
    printf("INFO: Handshake was completed\n");

  /* verify the server's certificate */
  if(ret==0)
    {
      int rc;
      unsigned int status;

      /* abort if verification fails */
      rc = gnutls_certificate_verify_peers2(session,&status);
      if(rc!=0 || status!=0)
        {
          printf("ERROR: Verifying server certificate failed!\n");
          exit(1);
        }
      printf("INFO: server verified\n");
    }

  printf("INFO: handshake and server verification completed\n");

  /* print TLS version */
  tmp = gnutls_protocol_get_name (gnutls_protocol_get_version (session));
  printf ("INFO: TLS Protocol: %s\n", tmp);

  /* test the connection with a sample message */
  gnutls_record_send(session,MSG,strlen(MSG));
  ret=gnutls_record_recv(session,buffer,MAX_BUF);
  if(ret==0)
    {
      printf("INFO: Peer has closed the connection\n");
      goto end;
    }
  else if(ret<0)
    {
      fprintf(stdout,"ERROR: %s\n",gnutls_strerror(ret));
      goto end;
    }

  printf("INFO: Received %d bytes: ", ret);
  for(ii=0;ii<ret;ii++)
    fputc(buffer[ii],stdout);
  fputs("\n",stdout);

  gnutls_bye(session,GNUTLS_SHUT_RDWR);

 end:
  tcp_close(sd);
  gnutls_deinit(session);
  gnutls_certificate_free_credentials(xcred);
  gnutls_global_deinit();

  /* not printf(testString): a variable must never be the format string */
  fputs(testString, stdout);

  return 0;
}

The client runs through without any problems. But the testString is still “Not changed!” at the last output. So it seems that my callback method is never called… What am I doing wrong? Any hints appreciated!

Greetings

Tobias

