|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags})
@var{session}: is a @code{gnutls_session_t} type.

@var{flags}: must be zero

This function performs the post-handshake authentication
for TLS 1.3. The post-handshake authentication is initiated by the server
by calling this function. Clients respond when @code{GNUTLS_E_REAUTH_REQUEST}
has been seen while receiving data.

The non-fatal errors expected by this function are:
@code{GNUTLS_E_INTERRUPTED}, @code{GNUTLS_E_AGAIN}, as well as
@code{GNUTLS_E_GOT_APPLICATION_DATA} when called on the server side.

The former two interrupt the authentication procedure due to the transport
layer being interrupted, and the latter because there were pending data prior
to the peer initiating the re-authentication. The server should read/process that
data as unauthenticated and retry calling @code{gnutls_reauth()}.

When this function is called under TLS 1.2 or earlier, or the peer didn't
advertise post-handshake auth, it always fails with
@code{GNUTLS_E_INVALID_REQUEST}. The verification of the received peer's certificate
is delegated to the session or credentials verification callbacks. A
server can check whether post-handshake authentication is supported
by the client by checking the session flags with @code{gnutls_session_get_flags()}.

Prior to calling this function on the server side, the function
@code{gnutls_certificate_server_set_request()} must be called, setting expectations
for the received certificate (request or require). If none are set,
this function will return with @code{GNUTLS_E_INVALID_REQUEST}.

Note that post-handshake authentication is available irrespective
of the initial negotiation type (PSK or certificate). In all cases,
however, certificate credentials must be set to the session prior
to calling this function.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful authentication, otherwise a negative error code.
@end deftypefun
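The server-side retry rules described above, as an added example that is not GnuTLS's own code: the peer is treated as authenticated only on success, and data that arrives first is handled as unauthenticated. The names @code{reauth_ops}, @code{server_reauth}, @code{run_script} and @code{max_calls} are hypothetical, and the error-code definitions are stand-ins for @code{<gnutls/gnutls.h>} so the block builds without the library.

```c
#include <stddef.h>
/* Stand-in definitions so this block builds without the GnuTLS headers;
 * a real server includes <gnutls/gnutls.h> and drops this section. */
#ifndef GNUTLS_E_SUCCESS
#define GNUTLS_E_SUCCESS 0
#define GNUTLS_E_AGAIN (-28)
#define GNUTLS_E_GOT_APPLICATION_DATA (-38)
#define GNUTLS_E_INVALID_REQUEST (-50)
#define GNUTLS_E_INTERRUPTED (-52)
#endif
/* Hypothetical seam: in production reauth() wraps gnutls_reauth(session, 0) and
 * drain() reads the pending records and handles them with pre-reauth privileges. */
struct reauth_ops {
    int (*reauth)(void *ctx); /* returns a GNUTLS_E_* code */
    int (*drain)(void *ctx);  /* negative on failure */
};
enum reauth_result { REAUTH_OK, REAUTH_UNSUPPORTED, REAUTH_FAILED };

/* The peer counts as authenticated only when this returns REAUTH_OK. */
enum reauth_result server_reauth(const struct reauth_ops *ops, void *ctx, int max_calls) {
    for (int i = 0; i < max_calls; i++) { /* bound the retries a peer can cause */
        switch (ops->reauth(ctx)) {
        case GNUTLS_E_SUCCESS:
            return REAUTH_OK;
        case GNUTLS_E_AGAIN: case GNUTLS_E_INTERRUPTED:
            break; /* transport interrupted: call again */
        case GNUTLS_E_GOT_APPLICATION_DATA:
            if (ops->drain(ctx) < 0) /* data sent before the peer saw the request */
                return REAUTH_FAILED;
            break;
        case GNUTLS_E_INVALID_REQUEST: /* TLS 1.2 or earlier, no PHA, or no cert request set */
            return REAUTH_UNSUPPORTED;
        default:
            return REAUTH_FAILED;
        }
    }
    return REAUTH_FAILED;
}

/* Constructed fake transport: replays a scripted list of return codes. */
struct script { const int *codes; size_t n, pos; int drained; };
static int script_reauth(void *c) { struct script *s = c; return s->pos < s->n ? s->codes[s->pos++] : -1; }
static int script_drain(void *c) { ((struct script *)c)->drained++; return 0; }
enum reauth_result run_script(const int *codes, size_t n, int max_calls, int *drained) {
    struct script s = { codes, n, 0, 0 };
    struct reauth_ops ops = { script_reauth, script_drain };
    enum reauth_result r = server_reauth(&ops, &s, max_calls);
    *drained = s.drained;
    return r;
}
```

A non-blocking server would wait for socket readiness before retrying after @code{GNUTLS_E_AGAIN}; the call bound here only keeps the loop finite.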