|
NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | SINCE | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON |
gnutls_certificate_set_retrieve_function3(3)ficate_set_retrieve_function3(3)
gnutls_certificate_set_retrieve_function3 - API function
#include <gnutls/abstract.h>
void
gnutls_certificate_set_retrieve_function3(gnutls_certificate_credentials_t
cred, gnutls_certificate_retrieve_function3 * func);
gnutls_certificate_credentials_t cred
is a gnutls_certificate_credentials_t type.
gnutls_certificate_retrieve_function3 * func
is the callback function
This function sets a callback to be called in order to retrieve the
certificate and OCSP responses to be used in the handshake. func
will be called only if the peer requests a certificate either during
handshake or during post-handshake authentication.
The callback's function prototype is defined in `abstract.h':
int gnutls_certificate_retrieve_function3( gnutls_session_t, const
struct gnutls_cert_retr_st *info, gnutls_pcert_st **certs, unsigned
int *pcert_length, gnutls_ocsp_data_st **ocsp, unsigned int
*ocsp_length, gnutls_privkey_t *privkey, unsigned int *flags);
The info field of the callback contains:
req_ca_dn which is a list with the CA names that the server
considers trusted. This is a hint and typically the client should
send a certificate that is signed by one of these CAs. These names,
when available, are DER encoded. To get a more meaningful value use
the function gnutls_x509_rdn_get().
pk_algos contains a list with server's acceptable public key
algorithms. The certificate returned should support the server's
given algorithms.
The callback should fill-in the following values.
pcert should contain an allocated list of certificates and public
keys.
pcert_length is the size of the previous list.
ocsp should contain an allocated list of OCSP responses.
ocsp_length is the size of the previous list.
pkey is the private key.
If flags in the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL then
all provided values must be allocated using gnutls_malloc(), and will
be released by gnutls; otherwise they will not be touched by gnutls.
The callback function should set the certificate and OCSP response
list to be sent, and return 0 on success. If no certificates are
available, the pcert_length and ocsp_length should be set to zero.
The return value (-1) indicates error and the handshake will be
terminated. If both certificates are set in the credentials and a
callback is available, the callback takes predence.
3.6.3
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
The full documentation for gnutls is maintained as a Texinfo manual.
If the /usr/share/doc/gnutls/ directory does not contain the HTML
form visit
https://www.gnutls.org/manual/
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this manual
page, send it to bugs@gnutls.org. This page was obtained from the
tarball gnutls-3.6.9.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2020-08-13. If you discover
any rendering problems in this HTML version of the page, or you
believe there is a better or more up-to-date source for the page, or
you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
to man-pages@man7.org
gnutls gnut3l.s6_.c9ertificate_set_retrieve_function3(3)