|
Packit Service |
4684c1 |
|
@deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func})
@var{cred}: is a @code{gnutls_srp_server_credentials_t} type.

@var{func}: is the callback function

This function can be used to set a callback to retrieve the user's
SRP credentials. The callback's function form is:

int (*callback)(gnutls_session_t, const char* username,
gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator,
gnutls_datum_t *prime);

@code{username} contains the actual username.
The @code{salt}, @code{verifier}, @code{generator} and @code{prime} must be filled
in using @code{gnutls_malloc()}. For convenience, @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h.

Initially, the data field is NULL in every @code{gnutls_datum_t}
structure that the callback has to fill in. When the
callback is done, GnuTLS deallocates all of those buffers
which are non-NULL, regardless of the return value.

In order to prevent attackers from guessing valid usernames,
if a user does not exist, the g and n values should be filled in
using a random user's parameters. In that case the callback must
return the special value (1).
See also @code{gnutls_srp_set_server_fake_salt_seed}.
If this is not required for your application, return a negative
number from the callback to abort the handshake.

The callback function will only be called once per handshake.
The callback function should return 0 on success, while
-1 indicates an error.
@end deftypefun
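
A callback following the contract described above, as an added example that is not part of the GnuTLS documentation or source. The user table, the toy byte strings, the names srp_lookup and fill, and the three stand-in definitions at the top (used so the block compiles without libgnutls) are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins so this block compiles without libgnutls (assumption of this
 * example); a real server includes <gnutls/gnutls.h> and drops these. */
typedef struct { unsigned char *data; unsigned int size; } gnutls_datum_t;
typedef void *gnutls_session_t;
#define gnutls_malloc malloc

/* Constructed sample record; toy byte strings, not real SRP parameters. */
struct srp_user { const char *name; const char *salt, *verifier, *g, *n; };
static const struct srp_user users[] = {
    { "alice", "SALT-A", "VERIFIER-A", "\x02", "TOY-PRIME" },
};

/* Copy len bytes into a fresh gnutls_malloc() buffer. On failure the datum
 * stays NULL, which GnuTLS skips when it frees the buffers afterwards. */
static int fill(gnutls_datum_t *d, const char *src, size_t len)
{
    d->data = gnutls_malloc(len);
    if (d->data == NULL)
        return -1;
    memcpy(d->data, src, len);
    d->size = (unsigned int)len;
    return 0;
}

/* Matches the callback form given above. */
int srp_lookup(gnutls_session_t session, const char *username,
               gnutls_datum_t *salt, gnutls_datum_t *verifier,
               gnutls_datum_t *generator, gnutls_datum_t *prime)
{
    const struct srp_user *u = NULL, *group = &users[0];
    (void)session;
    for (size_t i = 0; i < sizeof users / sizeof users[0]; i++)
        if (strcmp(users[i].name, username) == 0)
            u = &users[i];
    if (u != NULL)
        group = u;
    /* g and n are always filled: for an unknown name they come from an
     * existing user's record (here the first), so the reply looks alike. */
    if (fill(generator, group->g, strlen(group->g)) < 0 ||
        fill(prime, group->n, strlen(group->n)) < 0)
        return -1;
    if (u == NULL)
        return 1;   /* special value: user does not exist */
    if (fill(salt, u->salt, strlen(u->salt)) < 0 ||
        fill(verifier, u->verifier, strlen(u->verifier)) < 0)
        return -1;
    return 0;
}
```

The error paths never free what was already allocated, because GnuTLS deallocates every non-NULL buffer regardless of the return value.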