help-gnutls

[Help-gnutls] Re: TLS/OpenPGP draft expiring soon


From: Ludovic Courtès
Subject: [Help-gnutls] Re: TLS/OpenPGP draft expiring soon
Date: Thu, 01 Feb 2007 17:34:32 +0100
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

Simon Josefsson <address@hidden> writes:

> Also, creating examples and a self test for the OpenPGP stuff would be
> useful.  Have you managed to get it to work at all?

It took me a while, but I finally found why `gnutls-serv' wouldn't do
the job as expected (I knew it should work because I have small
client/server of my own that do work).

First, the patch below must be applied to `serv.c'.  Then, actual DH
and/or RSA parameters must be provided or generated for the server.  So
we end up with a command-line like this for the server:

  $ ./gnutls-serv --dhparams tls-dh-params \
                  --ctypes openpgp --pgpcertfile pub.asc \
                  --pgpkeyfile sec.asc

And for the client:

  $ gnutls-cli --ctypes openpgp --pgpcertfile pub.asc \
               --pgpkeyfile sec.asc -p 5556 localhost

And it works like a charm, even with `--require-cert' passed to the
server.

Can you confirm?

Thanks,
Ludovic.


--- orig/src/serv.c
+++ mod/src/serv.c
@@ -821,9 +821,8 @@
       }
 
   gnutls_certificate_set_params_function (cert_cred, get_params);
-/*     gnutls_certificate_set_dh_params(cert_cred, dh_params);
- *     gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
- */
+  gnutls_certificate_set_dh_params(cert_cred, dh_params);
+  gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params);
 
   /* this is a password file (created with the included srpcrypt utility) 
    * Read README.crypt prior to using SRP.
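
Review bot: the two added calls, gnutls_certificate_set_dh_params(cert_cred, dh_params) and gnutls_certificate_set_rsa_export_params(cert_cred, rsa_params), run unconditionally, and nothing in this hunk shows that dh_params or rsa_params has been loaded or generated by this point. The accompanying message says the parameters "must be provided or generated", so either guard each call on its parameter actually being set, or fail with a clear error when neither --dhparams nor generated parameters are available. The gnutls_certificate_set_params_function (cert_cred, get_params) line is also kept just above, so the credentials now carry both a callback and static parameters; a short comment saying why both are needed would replace the removed comment block usefully. Style nit: the re-enabled calls have no space before the opening parenthesis, unlike the context line above them.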



