help-gnutls

[Help-gnutls] Handling "normal" peer errors on invalid certs


From: Philip Kovacs
Subject: [Help-gnutls] Handling "normal" peer errors on invalid certs
Date: Tue, 12 Jun 2007 11:26:53 -0400
User-agent: Mutt/1.5.15 (2007-04-06)

Hi.  I'm new to GnuTLS.  I'm using it for a client-server library and 
I have a fairly basic question.

When my server is configured to require x.509 client certificates,
and the client either fails to send one, or sends an invalid one,
the server detects this error during its gnutls_handshake() and
I have the server break off the connection, as desired.

The client's gnutls_handshake(), upon server break-off is returning
either GNUTLS_E_PUSH_ERROR or GNUTLS_E_UNEXPECTED_PACKET_LENGTH.

The server situation is similar:  if the client detects an invalid
server certificate, I have the client break off the connection.  
The server then sees GNUTLS_E_UNEXPECTED_PACKET_LENGTH in its (first) 
gnutls_record_recv().

Is there something more I need to do in order to close the communication
down more "gracefully" in situations where certificate failures are seen?

Just seems odd to be handling GNUTLS_E_PUSH_ERROR or
GNUTLS_E_UNEXPECTED_PACKET_LENGTH "normally" when the other side doesn't
like the certificate.

I'm using GnuTLS 1.4.4 for the moment.

Thanks.

Phil
