diff options
Diffstat (limited to 'doc/functions/gnutls_certificate_set_retrieve_function')
| -rw-r--r-- | doc/functions/gnutls_certificate_set_retrieve_function | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/doc/functions/gnutls_certificate_set_retrieve_function b/doc/functions/gnutls_certificate_set_retrieve_function new file mode 100644 index 0000000..6a71296 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function @@ -0,0 +1,44 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. The callback will take control +only if a certificate is requested by the peer. You are advised +to use @code{gnutls_certificate_set_retrieve_function2()} because it +is much more efficient in the processing it requires from gnutls. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); + + @code{req_ca_dn} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + + @code{st} should contain the certificates and private keys. + +If the callback function is provided then gnutls will call it, in the +handshake, after the certificate request message has been received. + +In server side pk_algos and req_ca_dn are NULL. + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. If both certificates +are set in the credentials and a callback is available, the callback +takes predence. + +@strong{Since:} 3.0 +@end deftypefun |