1gnutls_reauth(3)                    gnutls                    gnutls_reauth(3)
2
3
4

NAME

6       gnutls_reauth - API function
7

SYNOPSIS

9       #include <gnutls/gnutls.h>
10
11       int gnutls_reauth(gnutls_session_t session, unsigned int flags);
12

ARGUMENTS

14       gnutls_session_t session
15                   is a gnutls_session_t type.
16
17       unsigned int flags
18                   must be zero
19

DESCRIPTION

21       This  function  performs the post-handshake authentication for TLS 1.3.
22       The post-handshake authentication is initiated by the server by calling
23       this  function.  Clients  respond when GNUTLS_E_REAUTH_REQUEST has been
24       seen while receiving data.
25
26       The non-fatal errors expected by  this  function  are:  GNUTLS_E_INTER‐
27       RUPTED,  GNUTLS_E_AGAIN,  as well as GNUTLS_E_GOT_APPLICATION_DATA when
28       called on server side.
29
30       The former two interrupt the authentication procedure due to the trans‐
31       port layer being interrupted, and the latter because there were pending
32       data prior to peer initiating the re-authentication. The server  should
33       read/process   that   data   as   unauthenticated   and  retry  calling
34       gnutls_reauth().
35
36       When this function is called under TLS1.2 or earlier or the peer didn't
37       advertise  post-handshake  auth,  it  always  fails  with  GNUTLS_E_IN‐
38       VALID_REQUEST. The verification of the received  peers  certificate  is
39       delegated  to  the  session  or  credentials  verification callbacks. A
40       server can check whether post handshake authentication is supported  by
41       the   client   by   checking   the   session   flags  with  gnutls_ses‐
42       sion_get_flags().
43
44       Prior to calling this function in server side, the function gnutls_cer‐
45       tificate_server_set_request()  must  be called setting expectations for
46       the received certificate (request or require). If  none  are  set  this
47       function will return with GNUTLS_E_INVALID_REQUEST.
48
49       Note  that  post  handshake authentication is available irrespective of
50       the initial negotiation type (PSK or certificate). In  all  cases  how‐
51       ever, certificate credentials must be set to the session prior to call‐
52       ing this function.
53

RETURNS

55       GNUTLS_E_SUCCESS on a successful authentication, otherwise  a  negative
56       error code.
57

REPORTING BUGS

59       Report bugs to <bugs@gnutls.org>.
60       Home page: https://www.gnutls.org
61
62
64       Copyright © 2001- Free Software Foundation, Inc., and others.
65       Copying  and  distribution  of this file, with or without modification,
66       are permitted in any medium without royalty provided the copyright  no‐
67       tice and this notice are preserved.
68

SEE ALSO

70       The  full  documentation  for gnutls is maintained as a Texinfo manual.
71       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
72       visit
73
74       https://www.gnutls.org/manual/
75
76gnutls                               3.7.2                    gnutls_reauth(3)
Impressum