[Help-gnutls] Re: Using the gnutls_sign_callback_set method
From: Simon Josefsson
Subject: [Help-gnutls] Re: Using the gnutls_sign_callback_set method
Date: Mon, 18 May 2009 11:52:53 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.93 (gnu/linux)

<address@hidden> writes:
> Hi everybody
>
> We're trying to get gnutls to work with a cryptographic
> token. Therefore I've had a look at the gnutls_sign_callback_set
> method. What I don't understand is: At which point is the method
> called that I'm passing to gnutls_sign_callback_set?

During the call to gnutls_handshake.

See the self-test tests/x509signself.c; it forks a server and client
that talk to each other using the sign callback, without any private
key being available elsewhere in the code.

> I've tried it out by doing this:
...
>
> gnutls_certificate_set_x509_key_file(xcred,CERTFILE,KEYFILE,GNUTLS_X509_FMT_PEM);

I think this is your problem: you need to set a NULL keyfile. Otherwise
you supply the library with a private key, so it will use that instead
of invoking the callback. From the x509signself.c code:

    gnutls_certificate_set_x509_key_mem (xcred, &cert, NULL,
                                         GNUTLS_X509_FMT_PEM);

I think the example looks fine otherwise, although I didn't try to run
it.

/Simon