gnutls_certificate_set_retrieve_function3

gnutls_certificate_set_retrieve_funcgnutlsscertificate_set_retrieve_function3(3)



NAME
       gnutls_certificate_set_retrieve_function3 - API function

SYNOPSIS
       #include <gnutls/abstract.h>

       void
       gnutls_certificate_set_retrieve_function3(gnutls_certificate_credentials_t
       cred, gnutls_certificate_retrieve_function3 * func);

ARGUMENTS
       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       gnutls_certificate_retrieve_function3 * func
                   is the callback function

DESCRIPTION
       This function sets a callback to be called in order to retrieve the
       certificate and OCSP responses to be used in the handshake.  func will be
       called only if the peer requests a certificate either during handshake or
       during post-handshake authentication.

       The callback's function prototype is defined in `abstract.h':

       int gnutls_certificate_retrieve_function3( gnutls_session_t, const struct
       gnutls_cert_retr_st *info, gnutls_pcert_st **certs, unsigned int
       *pcert_length, gnutls_ocsp_data_st **ocsp, unsigned int *ocsp_length,
       gnutls_privkey_t *privkey, unsigned int *flags);

       The info field of the callback contains:
        req_ca_dn which is a list with the CA names that the server considers
       trusted.  This is a hint and typically the client should send a
       certificate that is signed by one of these CAs. These names, when
       available, are DER encoded. To get a more meaningful value use the
       function gnutls_x509_rdn_get().
        pk_algos contains a list with server's acceptable public key algorithms.
       The certificate returned should support the server's given algorithms.

       The callback should fill-in the following values.

        pcert should contain an allocated list of certificates and public keys.
        pcert_length is the size of the previous list.
        ocsp should contain an allocated list of OCSP responses.
        ocsp_length is the size of the previous list.
        pkey is the private key.

       If flags in the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL then all
       provided values must be allocated using gnutls_malloc(), and will be
       released by gnutls; otherwise they will not be touched by gnutls.

       The callback function should set the certificate and OCSP response list
       to be sent, and return 0 on success. If no certificates are available,
       the  pcert_length and  ocsp_length should be set to zero. The return
       value (-1) indicates error and the handshake will be terminated. If both
       certificates are set in the credentials and a callback is available, the
       callback takes predence.

SINCE
       3.6.3

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org


COPYRIGHT
       Copyright © 2001-2020 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are
       permitted in any medium without royalty provided the copyright notice and
       this notice are preserved.

SEE ALSO
       The full documentation for gnutls is maintained as a Texinfo manual.  If
       the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       https://www.gnutls.org/manual/

gnutls                              gnutls3certificate_set_retrieve_function3(3)