@deftypefun {void} {gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t} type.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate and OCSP responses to be used in the handshake. @code{func} will
be called only if the peer requests a certificate either during handshake
or during post-handshake authentication.

The callback's function prototype is defined in @file{abstract.h}:
@example
int gnutls_certificate_retrieve_function3(
        gnutls_session_t,
        const struct gnutls_cert_retr_st *info,
        gnutls_pcert_st **certs,
        unsigned int *pcert_length,
        gnutls_ocsp_data_st **ocsp,
        unsigned int *ocsp_length,
        gnutls_privkey_t *privkey,
        unsigned int *flags);
@end example
The info field of the callback contains:
@code{req_ca_dn} which is a list with the CA names that the server considers trusted.
This is a hint and typically the client should send a certificate that is signed
by one of these CAs. These names, when available, are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()}.
@code{pk_algos} contains a list with the server's acceptable public key algorithms.
The certificate returned should support the server's given algorithms.

The callback should fill in the following values.

@code{pcert} should contain an allocated list of certificates and public keys.
@code{pcert_length} is the size of the previous list.
@code{ocsp} should contain an allocated list of OCSP responses.
@code{ocsp_length} is the size of the previous list.
@code{pkey} is the private key.

If flags in the callback are set to @code{GNUTLS_CERT_RETR_DEINIT_ALL} then
all provided values must be allocated using @code{gnutls_malloc()}, and will
be released by gnutls; otherwise they will not be touched by gnutls.

The callback function should set the certificate and OCSP response
list to be sent, and return 0 on success. If no certificates are available,
the @code{pcert_length} and @code{ocsp_length} should be set to zero. The return
value (-1) indicates error and the handshake will be terminated. If both
certificates are set in the credentials and a callback is available, the
callback takes precedence.

@strong{Since:} 3.6.3
@end deftypefun