| [ << ] | [ < ] | [ Up ] | [ > ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
10.3 TLS Authentication Methods
In GnuTLS authentication methods can be implemented quite easily. Since the required changes to add a new authentication method affect only the handshake protocol, a simple interface is used. An authentication method needs to implement the functions shown below.
typedef struct
{
const char *name;
int (*gnutls_generate_server_certificate) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_certificate) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_server_kx) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st*);
int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, gnutls_buffer_st *);
int (*gnutls_generate_server_certificate_request) (gnutls_session_t,
gnutls_buffer_st *);
int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *,
size_t);
int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *,
size_t);
int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t);
int (*gnutls_process_server_certificate_request) (gnutls_session_t,
opaque *, size_t);
} mod_auth_st;
Those functions are responsible for the
interpretation of the handshake protocol messages. It is common for such
functions to read data from one or more credentials_t
structures(16) and write data,
such as certificates, usernames etc. to auth_info_t structures.
Simple examples of existing authentication methods can be seen in
auth/psk.c for PSK ciphersuites and auth/srp.c for SRP
ciphersuites. After implementing these functions the structure holding
its pointers has to be registered in gnutls_algorithms.c in the
_gnutls_kx_algorithms structure.
This document was generated on January 4, 2012 using texi2html 5.0.