manpagez: man pages & more
man gnutls_reauth(3)
Home | html | info | man
gnutls_reauth(3)                    gnutls                    gnutls_reauth(3)




NAME

       gnutls_reauth - API function


SYNOPSIS

       #include <gnutls/gnutls.h>

       gnutls_reauth(3) session, unsigned int flags);


ARGUMENTS

       gnutls_session_t session
                   is a gnutls_session_t type.

       unsigned int flags
                   must be zero


DESCRIPTION

       This  function  performs the post-handshake authentication for TLS 1.3.
       The post-handshake authentication is initiated by the server by calling
       this  function.  Clients  respond when GNUTLS_E_REAUTH_REQUEST has been
       seen while receiving data.

       The non-fatal errors expected by  this  function  are:  GNUTLS_E_INTER-
       RUPTED,  GNUTLS_E_AGAIN,  as well as GNUTLS_E_GOT_APPLICATION_DATA when
       called on server side.

       The former two interrupt the authentication procedure due to the trans-
       port layer being interrupted, and the latter because there were pending
       data prior to peer initiating the re-authentication. The server  should
       read/process   that   data   as   unauthenticated   and  retry  calling
       gnutls_reauth(3).

       When this function is called under TLS1.2 or earlier or the peer didn't
       advertise     post-handshake     auth,    it    always    fails    with
       GNUTLS_E_INVALID_REQUEST. The verification of the received  peers  cer-
       tificate  is delegated to the session or credentials verification call-
       backs. A server can check whether post handshake authentication is sup-
       ported  by  the  client  by checking the session flags with gnutls_ses-
       sion_get_flags().

       Prior to calling this function in server side, the function gnutls_cer-
       tificate_server_set_request()  must  be called setting expectations for
       the received certificate (request or require). If  none  are  set  this
       function will return with GNUTLS_E_INVALID_REQUEST.

       Note  that  post  handshake authentication is available irrespective of
       the initial negotiation type (PSK or certificate). In  all  cases  how-
       ever, certificate credentials must be set to the session prior to call-
       ing this function.


RETURNS

       GNUTLS_E_SUCCESS on a successful authentication, otherwise  a  negative
       error code.


REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org



COPYRIGHT

       Copyright (C) 2001-2018 Free Software Foundation, Inc., and others.
       Copying  and  distribution  of this file, with or without modification,
       are permitted in any medium  without  royalty  provided  the  copyright
       notice and this notice are preserved.


SEE ALSO

       The  full  documentation  for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
       visit

       http://www.gnutls.org/manual/




gnutls                               3.6.5                    gnutls_reauth(3)

gnutls 3.6.5 - Generated Tue Jan 22 15:28:16 CST 2019
© manpagez.com 2000-2024
Individual documents may contain additional copyright information.