gnutls_certificate_set_retrieve_function3(3) — Linux manual page


gnutls_certi...eve_function3(3)  gnutls  gnutls_certi...eve_function3(3)

NAME         top

       gnutls_certificate_set_retrieve_function3 - API function

SYNOPSIS         top

       #include <gnutls/abstract.h>

       cred, gnutls_certificate_retrieve_function3 * func);

ARGUMENTS         top

       gnutls_certificate_credentials_t cred
                   is a gnutls_certificate_credentials_t type.

       gnutls_certificate_retrieve_function3 * func
                   is the callback function

DESCRIPTION         top

       This function sets a callback to be called in order to retrieve
       the certificate and OCSP responses to be used in the handshake.
       func will be called only if the peer requests a certificate
       either during handshake or during post-handshake authentication.

       The callback's function prototype is defined in `abstract.h':

       int gnutls_certificate_retrieve_function3( gnutls_session_t,
       const struct gnutls_cert_retr_st *info, gnutls_pcert_st **certs,
       unsigned int *certs_length, gnutls_ocsp_data_st **ocsp, unsigned
       int *ocsp_length, gnutls_privkey_t *privkey, unsigned int

       The info field of the callback contains:
        req_ca_dn which is a list with the CA names that the server
       considers trusted.  This is a hint and typically the client
       should send a certificate that is signed by one of these CAs.
       These names, when available, are DER encoded. To get a more
       meaningful value use the function gnutls_x509_rdn_get().
        pk_algos contains a list with server's acceptable public key
       algorithms.  The certificate returned should support the server's
       given algorithms.

       The callback should fill-in the following values:

        certs should contain an allocated list of certificates and
       public keys.
        certs_length is the size of the previous list.
        ocsp should contain an allocated list of OCSP responses.
        ocsp_length is the size of the previous list.
        privkey is the private key.

       If flags in the callback are set to GNUTLS_CERT_RETR_DEINIT_ALL
       then all provided values must be allocated using gnutls_malloc(),
       and will be released by gnutls; otherwise they will not be
       touched by gnutls.

       The callback function should set the certificate and OCSP
       response list to be sent, and return 0 on success. If no
       certificates are available, the  certs_length and  ocsp_length
       should be set to zero. The return value (-1) indicates error and
       the handshake will be terminated. If both certificates are set in
       the credentials and a callback is available, the callback takes

       Raw public-keys: In case raw public-keys are negotiated as
       certificate type, certificates that would normally hold the
       public-key material are not available. In that case,
        certs contains an allocated list with only the public key. Since
       there is no certificate, there is also no certificate status.
       Therefore, OCSP information should not be set.

SINCE         top


REPORTING BUGS         top

       Report bugs to <>.
       Home page:

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty
       provided the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨⟩.  If you have a bug report for this
       manual page, send it to  This page was obtained
       from the tarball gnutls-3.8.2.tar.xz fetched from
       ⟨⟩ on 2023-12-22.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for
       the page, or you have corrections or improvements to the
       information in this COLOPHON (which is not part of the original
       manual page), send a mail to

gnutls                            3.8.2  gnutls_certi...eve_function3(3)