Joe Orton wrote:
> I've tried this using a git build of GnuTLS, gnutls-cli and a test
> httpd/mod_ssl server configured for per-location client cert auth (i.e.
> it requests a second handshake after the GET request is received), and
> it does fail, so I think this is indeed a GnuTLS bug in the handling of
> rehandshakes.

Hello Joe,

The test case was not correct. The call (from server) to gnutls_rehandshake will only notify the client about a rehandshake. After that a call to gnutls_handshake is required. Once I do this the test case works correctly (I've also committed it).

To debug (1 - gnutls-cli log output from testing using httpd/mod_ssl) you might need some output from mod_ssl as well. There the server notifies the client about a rehandshake, the client starts the handshake by sending client hello and the server replies with an alert.

regards,
Nikos