[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] MHD_OPTION_HTTPS_MEM_TRUST and self-signed client ce
|
From: |
Christian Grothoff |
|
Subject: |
Re: [libmicrohttpd] MHD_OPTION_HTTPS_MEM_TRUST and self-signed client certificates |
|
Date: |
Sat, 30 May 2020 17:26:53 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0 |
Hi Nicolas,
I suggest you ask about this on the GnuTLS mailinglist. MHD exposes to
you the GnuTLS handle, so it _should_ be possible to do what you want
with that.
Happy hacking!
Christian
On 5/30/20 2:42 PM, Nicolas Mora wrote:
> Hello Christian,
>
> Le 20-05-30 à 05 h 33, Christian Grothoff a écrit :
>> You can access client certificates (if provided) via
>> MHD_CONNECTION_INFO_GNUTLS_SESSION to get the `gnutls_session_t` and
>> then call gnutls_certificate_get_peers().
>>
> Thanks for the answer, I tried that but unfortunately when I use
> MHD_CONNECTION_INFO_GNUTLS_SESSION in a TLS connection,
> gnutls_certificate_get_peers returns NULL.
>
> I don't know if it's because of my curl options on the client side,
> because of the MHD options on the server side, or both...
>
> I tried using a CA or not in MHD, I can't get the client certificate if
> the client doesn't use a certificate signed by the expected CA
>
> /Nicolas
>
signature.asc
Description: OpenPGP digital signature