This function can be used to set a callback to retrieve the
user's SRP credentials. The callback's function form is:
int (*callback)(gnutls_session_t, const char* username,
gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t
*generator, gnutls_datum_t *prime);
username contains the actual username. The salt , verifier ,
generator and prime must be filled in using the gnutls_malloc().
For convenience prime and generator may also be one of the
static parameters defined in gnutls.h.
Initially, the data field is NULL in every gnutls_datum_t
structure that the callback has to fill in. When the callback is
done GnuTLS deallocates all of those buffers which are non-NULL,
regardless of the return value.
In order to prevent attackers from guessing valid usernames, if a
user does not exist, g and n values should be filled in using a
random user's parameters. In that case the callback must return
the special value (1). See gnutls_srp_set_server_fake_salt_seed
too. If this is not required for your application, return a
negative number from the callback to abort the handshake.
The callback function will only be called once per handshake.
The callback function should return 0 on success, while -1
indicates an error.
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this
manual page, send it to email@example.com. This page was obtained
from the tarball gnutls-3.7.1.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2021-04-01. If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org