gnutls_certificate_set_retrieve_function2(3) — Linux manual page



NAME         top

       gnutls_certificate_set_retrieve_function2 - API function

SYNOPSIS         top

       #include <gnutls/abstract.h>

       cred, gnutls_certificate_retrieve_function2 * func);

ARGUMENTS         top

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       gnutls_certificate_retrieve_function2 * func
                   is the callback function

DESCRIPTION         top

       This function sets a callback to be called in order to retrieve
       the certificate to be used in the handshake. The callback will
       take control only if a certificate is requested by the peer.

       The callback's function prototype is: int
       (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn,
       int nreqs, const gnutls_pk_algorithm_t* pk_algos, int
       pk_algos_length, gnutls_pcert_st** pcert, unsigned int
       *pcert_length, gnutls_privkey_t * pkey);

        req_ca_dn is only used in X.509 certificates.  Contains a list
       with the CA names that the server considers trusted.  This is a
       hint and typically the client should send a certificate that is
       signed by one of these CAs. These names, when available, are DER
       encoded. To get a more meaningful value use the function

        pk_algos contains a list with server's acceptable public key
       algorithms.  The certificate returned should support the server's
       given algorithms.

        pcert should contain a single certificate and public key or a
       list of them.

        pcert_length is the size of the previous list.

        pkey is the private key.

       If the callback function is provided then gnutls will call it, in
       the handshake, after the certificate request message has been
       received.  All the provided by the callback values will not be
       released or modified by gnutls.

       In server side pk_algos and req_ca_dn are NULL.

       The callback function should set the certificate list to be sent,
       and return 0 on success. If no certificate was selected then the
       number of certificates should be set to zero. The value (-1)
       indicates error and the handshake will be terminated. If both
       certificates are set in the credentials and a callback is
       available, the callback takes predence.

SINCE         top


REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit 

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.8.0.tar.xz fetched from
       ⟨⟩ on 2023-06-23.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                      gnutls3_.c8e.r0tificate_set_retrieve_function2(3)