> Maybe it is because I use the cipher
> suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA which might not be
> supported...
I think your use of tlsclient is correct. However, the ECDHE key
agreement protocol is not currently supported by Plan 9's libsec.
Could you enable the TLS_RSA_WITH_AES_256_CBC_SHA
Ok thanks for the help.
I'm trying to use it with 9vx + lastest 9front rootfs that already have
this patch applied.
I put my client private key into factotum like this:
% cat client.key.plan9 >> /mnt/factotum/ctl
Then I'm trying to dial with tlsclient:
% tlsclient -D -c client.crt.pem -t ca.crt.
> I think I also need to add the server's CA's certificate, so factotum
> can check the server identity. Right?
Factotum is meant to store the private keys. The CA certificate
would probably have its place in /sys/lib/tls (in PEM format).
However, this is not needed, since the current X.509 implem
Thanks, I managed to convert the key this way and added it to factotum.
I think I also need to add the server's CA's certificate, so factotum can
check the server identity. Right?
I converted the CA crt to DER like this:
openssl x509 -in ca.crt.pem -inform PEM -out ca.crt.der -outform DER
Not I'
> I tried to do the opposite : generating keys as PEM using linux's
> openssl, then convert them to plan9 format using pemdecode without
> success.
You have to convert the key from PEM to DER with OpenSSL,
then convert it to the Factotum format using auth/asn12rsa:
openssl rsa -in key.pem -inform
Hi, I'm using golang to code a 9p filesystem on linux. I wish to use srv +
factotum + 9pfuse from p9p as client to test the fs.
The server uses TLS with client authentication. Golang tls lib need keys in
PEM format (I think). On the client side, factotum need the keys in plan9
format.
I have no pr
