1gnutls_certificate_set_retrieve_fungcntguintoulnts3l_(sc3e)rtificate_set_retrieve_function3(3)
2
3
4
6 gnutls_certificate_set_retrieve_function3 - API function
7
9 #include <gnutls/abstract.h>
10
11 void gnutls_certificate_set_retrieve_function3(gnutls_certificate_cre‐
12 dentials_t cred, gnutls_certificate_retrieve_function3 * func);
13
15 gnutls_certificate_credentials_t cred
16 is a gnutls_certificate_credentials_t type.
17
18 gnutls_certificate_retrieve_function3 * func
19 is the callback function
20
22 This function sets a callback to be called in order to retrieve the
23 certificate and OCSP responses to be used in the handshake. func will
24 be called only if the peer requests a certificate either during hand‐
25 shake or during post-handshake authentication.
26
27 The callback's function prototype is defined in `abstract.h':
28
29 int gnutls_certificate_retrieve_function3( gnutls_session_t, const
30 struct gnutls_cert_retr_st *info, gnutls_pcert_st **certs, unsigned int
31 *pcert_length, gnutls_ocsp_data_st **ocsp, unsigned int *ocsp_length,
32 gnutls_privkey_t *privkey, unsigned int *flags);
33
34 The info field of the callback contains:
35 req_ca_dn which is a list with the CA names that the server considers
36 trusted. This is a hint and typically the client should send a cer‐
37 tificate that is signed by one of these CAs. These names, when avail‐
38 able, are DER encoded. To get a more meaningful value use the function
39 gnutls_x509_rdn_get().
40 pk_algos contains a list with server's acceptable public key algo‐
41 rithms. The certificate returned should support the server's given
42 algorithms.
43
44 The callback should fill-in the following values.
45
46 pcert should contain an allocated list of certificates and public
47 keys.
48 pcert_length is the size of the previous list.
49 ocsp should contain an allocated list of OCSP responses.
50 ocsp_length is the size of the previous list.
51 pkey is the private key.
52
53 If flags in the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL then
54 all provided values must be allocated using gnutls_malloc(), and will
55 be released by gnutls; otherwise they will not be touched by gnutls.
56
57 The callback function should set the certificate and OCSP response list
58 to be sent, and return 0 on success. If no certificates are available,
59 the pcert_length and ocsp_length should be set to zero. The return
60 value (-1) indicates error and the handshake will be terminated. If
61 both certificates are set in the credentials and a callback is avail‐
62 able, the callback takes predence.
63
65 3.6.3
66
68 Report bugs to <bugs@gnutls.org>.
69 Home page: https://www.gnutls.org
70
71
73 Copyright © 2001- Free Software Foundation, Inc., and others.
74 Copying and distribution of this file, with or without modification,
75 are permitted in any medium without royalty provided the copyright
76 notice and this notice are preserved.
77
79 The full documentation for gnutls is maintained as a Texinfo manual.
80 If the /usr/share/doc/gnutls/ directory does not contain the HTML form
81 visit
82
83 https://www.gnutls.org/manual/
84
85gnutls gn3u.t6l.s1_5certificate_set_retrieve_function3(3)