HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |ARGUMENTS |DESCRIPTION |SINCE |REPORTING BUGS |COPYRIGHT |SEE ALSO |COLOPHON | |
gnutls_certif...ieve_function3(3) gnutlsgnutls_certif...ieve_function3(3)gnutls_certificate_set_retrieve_function3 - API function
#include <gnutls/abstract.h>voidgnutls_certificate_set_retrieve_function3(gnutls_certificate_credentials_tcred, gnutls_certificate_retrieve_function3 *func);
gnutls_certificate_credentials_t cred is agnutls_certificate_credentials_ttype. gnutls_certificate_retrieve_function3 * func is the callback function
This function sets a callback to be called in order to retrieve the certificate and OCSP responses to be used in the handshake.func will be called only if the peer requests a certificate either during handshake or during post-handshake authentication. The callback's function prototype is defined in `abstract.h': int gnutls_certificate_retrieve_function3( gnutls_session_t, const struct gnutls_cert_retr_st *info, gnutls_pcert_st **certs, unsigned int *certs_length, gnutls_ocsp_data_st **ocsp, unsigned int *ocsp_length, gnutls_privkey_t *privkey, unsigned int *flags); The info field of the callback contains:req_ca_dn which is a list with the CA names that the server considers trusted. This is a hint and typically the client should send a certificate that is signed by one of these CAs. These names, when available, are DER encoded. To get a more meaningful value use the functiongnutls_x509_rdn_get().pk_algos contains a list with server's acceptable public key algorithms. The certificate returned should support the server's given algorithms. The callback should fill-in the following values:certs should contain an allocated list of certificates and public keys.certs_length is the size of the previous list.ocsp should contain an allocated list of OCSP responses.ocsp_length is the size of the previous list.privkey is the private key. If flags in the callback are set toGNUTLS_CERT_RETR_DEINIT_ALL then all provided values must be allocated usinggnutls_malloc(), and will be released by gnutls; otherwise they will not be touched by gnutls. The callback function should set the certificate and OCSP response list to be sent, and return 0 on success. If no certificates are available, thecerts_length andocsp_length should be set to zero. The return value (-1) indicates error and the handshake will be terminated. If both certificates are set in the credentials and a callback is available, the callback takes predence. Raw public-keys: In case raw public-keys are negotiated as certificate type, certificates that would normally hold the public-key material are not available. In that case,certs contains an allocated list with only the public key. Since there is no certificate, there is also no certificate status. Therefore, OCSP information should not be set.
3.6.3
Report bugs to <bugs@gnutls.org>. Home page:https://www.gnutls.org
Copyright © 2001-2023 Free Software Foundation, Inc., and others. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
The full documentation forgnutlsis maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visithttps://www.gnutls.org/manual/
This page is part of theGnuTLS (GnuTLS Transport Layer Security Library) project. Information about the project can be found at ⟨http://www.gnutls.org/⟩. If you have a bug report for this manual page, send it to bugs@gnutls.org. This page was obtained from the tarball fetched from ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orggnutls 3.8.10gnutls_certif...ieve_function3(3)HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |