1gnutls_reauth(3)                    gnutls                    gnutls_reauth(3)
2
3
4

NAME

6       gnutls_reauth - API function
7

SYNOPSIS

9       #include <gnutls/gnutls.h>
10
11       int gnutls_reauth(gnutls_session_t session, unsigned int flags);
12

ARGUMENTS

14       gnutls_session_t session
15                   is a gnutls_session_t type.
16
17       unsigned int flags
18                   must be zero
19

DESCRIPTION

21       This  function  performs the post-handshake authentication for TLS 1.3.
22       The post-handshake authentication is initiated by the server by calling
23       this  function.  Clients  respond when GNUTLS_E_REAUTH_REQUEST has been
24       seen while receiving data.
25
26       The non-fatal errors expected by  this  function  are:  GNUTLS_E_INTER‐
27       RUPTED,  GNUTLS_E_AGAIN,  as well as GNUTLS_E_GOT_APPLICATION_DATA when
28       called on server side.
29
30       The former two interrupt the authentication procedure due to the trans‐
31       port layer being interrupted, and the latter because there were pending
32       data prior to peer initiating the re-authentication. The server  should
33       read/process   that   data   as   unauthenticated   and  retry  calling
34       gnutls_reauth().
35
36       When this function is called under TLS1.2 or earlier or the peer didn't
37       advertise     post-handshake     auth,    it    always    fails    with
38       GNUTLS_E_INVALID_REQUEST. The verification of the received  peers  cer‐
39       tificate  is delegated to the session or credentials verification call‐
40       backs. A server can check whether post handshake authentication is sup‐
41       ported  by  the  client  by checking the session flags with gnutls_ses‐
42       sion_get_flags().
43
44       Prior to calling this function in server side, the function gnutls_cer‐
45       tificate_server_set_request()  must  be called setting expectations for
46       the received certificate (request or require). If  none  are  set  this
47       function will return with GNUTLS_E_INVALID_REQUEST.
48
49       Note  that  post  handshake authentication is available irrespective of
50       the initial negotiation type (PSK or certificate). In  all  cases  how‐
51       ever, certificate credentials must be set to the session prior to call‐
52       ing this function.
53

RETURNS

55       GNUTLS_E_SUCCESS on a successful authentication, otherwise  a  negative
56       error code.
57

REPORTING BUGS

59       Report bugs to <bugs@gnutls.org>.
60       Home page: http://www.gnutls.org
61
62
64       Copyright © 2001-2018 Free Software Foundation, Inc., and others.
65       Copying  and  distribution  of this file, with or without modification,
66       are permitted in any medium  without  royalty  provided  the  copyright
67       notice and this notice are preserved.
68

SEE ALSO

70       The  full  documentation  for gnutls is maintained as a Texinfo manual.
71       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
72       visit
73
74       http://www.gnutls.org/manual/
75
76gnutls                               3.6.5                    gnutls_reauth(3)
Impressum