@deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t}  type.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake. The callback will take control
only if a certificate is requested by the peer. You are advised
to use @code{gnutls_certificate_set_retrieve_function2()}  because it
is much more efficient in the processing it requires from gnutls.

The callback's function prototype is:
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st);

 @code{req_ca_dn} is only used in X.509 certificates.
Contains a list with the CA names that the server considers trusted.
This is a hint and typically the client should send a certificate that is signed
by one of these CAs. These names, when available, are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()} .

 @code{pk_algos} contains a list with server's acceptable public key algorithms.
The certificate returned should support the server's given algorithms.

 @code{st} should contain the certificates and private keys.

If the callback function is provided then gnutls will call it, in the
handshake, after the certificate request message has been received.

In server side pk_algos and req_ca_dn are NULL.

The callback function should set the certificate list to be sent,
and return 0 on success. If no certificate was selected then the
number of certificates should be set to zero. The value (-1)
indicates error and the handshake will be terminated. If both certificates
are set in the credentials and a callback is available, the callback
takes predence.

@strong{Since:} 3.0
@end deftypefun