gnutls_certificate_set_retrieve_function3(3)

1gnutls_certificate_set_retrieve_fungcntguintoulnts3l_(sc3e)rtificate_set_retrieve_function3(3)
2
3
4

NAME

6       gnutls_certificate_set_retrieve_function3 - API function
7

SYNOPSIS

9       #include <gnutls/abstract.h>
10
11       void  gnutls_certificate_set_retrieve_function3(gnutls_certificate_cre‐
12       dentials_t cred, gnutls_certificate_retrieve_function3 * func);
13

ARGUMENTS

15       gnutls_certificate_credentials_t cred
16                   is a gnutls_certificate_credentials_t type.
17
18       gnutls_certificate_retrieve_function3 * func
19                   is the callback function
20

DESCRIPTION

22       This function sets a callback to be called in  order  to  retrieve  the
23       certificate  and OCSP responses to be used in the handshake.  func will
24       be called only if the peer requests a certificate either  during  hand‐
25       shake or during post-handshake authentication.
26
27       The callback's function prototype is defined in `abstract.h':
28
29       int   gnutls_certificate_retrieve_function3(   gnutls_session_t,  const
30       struct gnutls_cert_retr_st *info, gnutls_pcert_st **certs, unsigned int
31       *certs_length,  gnutls_ocsp_data_st  **ocsp, unsigned int *ocsp_length,
32       gnutls_privkey_t *privkey, unsigned int *flags);
33
34       The info field of the callback contains:
35        req_ca_dn which is a list with the CA names that the server  considers
36       trusted.   This  is  a hint and typically the client should send a cer‐
37       tificate that is signed by one of these CAs. These names,  when  avail‐
38       able,  are DER encoded. To get a more meaningful value use the function
39       gnutls_x509_rdn_get().
40        pk_algos contains a list with server's  acceptable  public  key  algo‐
41       rithms.  The certificate returned should support the server's given al‐
42       gorithms.
43
44       The callback should fill-in the following values:
45
46        certs should contain an allocated  list  of  certificates  and  public
47       keys.
48        certs_length is the size of the previous list.
49        ocsp should contain an allocated list of OCSP responses.
50        ocsp_length is the size of the previous list.
51        privkey is the private key.
52
53       If  flags  in  the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL then
54       all provided values must be allocated using gnutls_malloc(),  and  will
55       be released by gnutls; otherwise they will not be touched by gnutls.
56
57       The callback function should set the certificate and OCSP response list
58       to be sent, and return 0 on success. If no certificates are  available,
59       the   certs_length  and   ocsp_length should be set to zero. The return
60       value (-1) indicates error and the handshake  will  be  terminated.  If
61       both  certificates  are set in the credentials and a callback is avail‐
62       able, the callback takes predence.
63
64       Raw public-keys: In case raw public-keys are negotiated as  certificate
65       type, certificates that would normally hold the public-key material are
66       not available. In that case,
67        certs contains an allocated list with only the public key. Since there
68       is no certificate, there is also no certificate status. Therefore, OCSP
69       information should not be set.
70

SINCE

72       3.6.3
73

REPORTING BUGS

75       Report bugs to <bugs@gnutls.org>.
76       Home page: https://www.gnutls.org
77
78

COPYRIGHT

80       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
81       Copying and distribution of this file, with  or  without  modification,
82       are  permitted in any medium without royalty provided the copyright no‐
83       tice and this notice are preserved.
84