This function sets a callback to be called when the peer's
certificate chain is incomplete due a missing intermediate
certificate. The callback may provide the missing certificate for
use during verification.
The callback's function prototype is defined in <gnutls/x509.h>
int (*callback)(gnutls_x509_trust_list_t list, const
gnutls_x509_crt_t cert, gnutls_x509_crt_t **issuers, unsigned int
If the callback function is provided then gnutls will call it
during the certificate verification procedure. The callback may
wish to use gnutls_x509_crt_get_authority_info_access() to get a
URI from which to attempt to download the missing issuer
certificate, if available.
On a successful call, the callback shall allocate the 'issuers'
array with gnutls_x509_crt_list_import2(). The ownership of both
the array and the elements is transferred to the caller and thus
the application does not need to maintain the memory after the
The callback function should return 0 if the missing issuer
certificate for 'crt' was properly populated and added to the
'issuers', or non-zero to continue the certificate list
verification but with issuer as NULL.
This page is part of the GnuTLS (GnuTLS Transport Layer Security
Library) project. Information about the project can be found at
⟨http://www.gnutls.org/⟩. If you have a bug report for this
manual page, send it to email@example.com. This page was obtained
from the tarball gnutls-3.7.1.tar.xz fetched from
⟨http://www.gnutls.org/download.html⟩ on 2021-04-01. If you
discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for
the page, or you have corrections or improvements to the
information in this COLOPHON (which is not part of the original
manual page), send a mail to firstname.lastname@example.org