@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake. The callback will take control
only if a certificate is requested by the peer.

The callback's function prototype is:
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert,
unsigned int *pcert_length, gnutls_privkey_t * pkey);

@code{req_ca_dn} is only used in X.509 certificates.
It contains a list of the CA names that the server considers trusted.
This is a hint and typically the client should send a certificate that is signed
by one of these CAs. These names, when available, are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()}.

@code{pk_algos} contains a list of the server's acceptable public key algorithms.
The certificate returned should support the server's given algorithms.

@code{pcert} should contain a single certificate and public key or a list of them.

@code{pcert_length} is the size of the previous list.

@code{pkey} is the private key.

If the callback function is provided then gnutls will call it, in the
handshake, after the certificate request message has been received.
All values provided by the callback will not be released or
modified by gnutls.

On the server side, @code{pk_algos} and @code{req_ca_dn} are NULL.

The callback function should set the certificate list to be sent,
and return 0 on success. If no certificate was selected then the
number of certificates should be set to zero. The value (-1)
indicates error and the handshake will be terminated. If both certificates
are set in the credentials and a callback is available, the callback
takes precedence.

@strong{Since:} 3.0
@end deftypefun