gnutls_certificate_set_retrieve_function3(3)    gnutls    gnutls_certificate_set_retrieve_function3(3)

NAME

       gnutls_certificate_set_retrieve_function3 - API function

SYNOPSIS

       #include <gnutls/abstract.h>

       void gnutls_certificate_set_retrieve_function3(gnutls_certificate_credentials_t cred,
                                                      gnutls_certificate_retrieve_function3 * func);

ARGUMENTS

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       gnutls_certificate_retrieve_function3 * func
                   is the callback function

DESCRIPTION

       This function sets a callback to be called in order to retrieve the
       certificate and OCSP responses to be used in the handshake. func will
       be called only if the peer requests a certificate either during
       handshake or during post-handshake authentication.

       The callback's function prototype is defined in `abstract.h':

           int (*callback)(gnutls_session_t,
                           const struct gnutls_cert_retr_st *info,
                           gnutls_pcert_st **certs, unsigned int *pcert_length,
                           gnutls_datum_t **ocsp, unsigned int *ocsp_length,
                           gnutls_privkey_t * pkey, unsigned int *flags);

       The info field of the callback contains:

        req_ca_dn which is a list with the CA names that the server considers
       trusted. This is a hint and typically the client should send a
       certificate that is signed by one of these CAs. These names, when
       available, are DER encoded. To get a more meaningful value use the
       function gnutls_x509_rdn_get().

        pk_algos contains a list with the server's acceptable public key
       algorithms. The certificate returned should support the server's given
       algorithms.

       The callback should fill in the following values.

        pcert should contain an allocated list of certificates and public
       keys.
        pcert_length is the size of the previous list.
        ocsp should contain an allocated list of OCSP responses.
        ocsp_length is the size of the previous list.
        pkey is the private key.

       If flags in the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL then
       all provided values must be allocated using gnutls_malloc(), and will
       be released by gnutls; otherwise they will not be touched by gnutls.

       The callback function should set the certificate and OCSP response list
       to be sent, and return 0 on success. If no certificates are available,
       pcert_length and ocsp_length should be set to zero. A return value of
       -1 indicates an error, and the handshake will be terminated. If both
       certificates are set in the credentials and a callback is available,
       the callback takes precedence.

SINCE

       3.6.3

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2018 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       http://www.gnutls.org/manual/

gnutls                            3.6.5    gnutls_certificate_set_retrieve_function3(3)