2

So, for an assignment I need to use GnuTLS and to start off, I followed the client and server examples in the documentation (http://www.gnutls.org/manual/gnutls.html) (client and server examples with X.509). Everything works fine till there.

However, I would like the server to authenticate the client (which, in the examples, it does not do by default). A little research has led me to changing the flag GNUTLS_CERT in:

gnutls_certificate_server_set_request (mSession, GNUTLS_CERT_REQUEST);

I understand that this returns an error if the client does not provide a certificate that matches the server's trusted CA. However, is this enough to authenticate the client, or should there be more steps for authentication?

Thanks in advance.

buh
  • 1
    It's a good question. It does seem to imply TLS *client authentication*, but for a security topic the documentation of the API is too sparse (just sending the client cert. is of course not enough, but as far as I know, that only happens *as part of* client authentication). Just try it and monitor the SSL connection or get it working and then remove the private key of the client - it should fail when that happens. – Maarten Bodewes Jan 11 '15 at 12:11

0 Answers