dwww: tpablo.net

dwww Home | Manual pages | Find package
gnutls_reauth(3)                    gnutls                    gnutls_reauth(3)

NAME
       gnutls_reauth - API function

SYNOPSIS
       #include <gnutls/gnutls.h>

       int gnutls_reauth(gnutls_session_t session, unsigned int flags);

ARGUMENTS
       gnutls_session_t session
                   is a gnutls_session_t type.

       unsigned int flags
                   must be zero

DESCRIPTION
       This  function  performs the post-handshake authentication for TLS 1.3.
       The post-handshake authentication is initiated by the server by calling
       this  function.  Clients  respond when GNUTLS_E_REAUTH_REQUEST has been
       seen while receiving data.

       The non-fatal errors expected by  this  function  are:  GNUTLS_E_INTER-
       RUPTED,  GNUTLS_E_AGAIN,  as well as GNUTLS_E_GOT_APPLICATION_DATA when
       called on server side.

       The former two interrupt the authentication procedure due to the trans-
       port layer being interrupted, and the latter because there were pending
       data prior to peer initiating the re-authentication. The server  should
       read/process   that   data   as   unauthenticated   and  retry  calling
       gnutls_reauth().

       When this function is called under TLS1.2 or earlier or the peer didn't
       advertise  post-handshake  auth,  it  always  fails  with  GNUTLS_E_IN-
       VALID_REQUEST. The verification of the received  peers  certificate  is
       delegated  to  the  session  or  credentials  verification callbacks. A
       server can check whether post handshake authentication is supported  by
       the   client   by   checking   the   session   flags  with  gnutls_ses-
       sion_get_flags().

       Prior to calling this function in server side, the function gnutls_cer-
       tificate_server_set_request()  must  be called setting expectations for
       the received certificate (request or require). If  none  are  set  this
       function will return with GNUTLS_E_INVALID_REQUEST.

       Note  that  post  handshake authentication is available irrespective of
       the initial negotiation type (PSK or certificate). In  all  cases  how-
       ever, certificate credentials must be set to the session prior to call-
       ing this function.

RETURNS
       GNUTLS_E_SUCCESS on a successful authentication, otherwise  a  negative
       error code.

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT
       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying  and  distribution  of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright  no-
       tice and this notice are preserved.

SEE ALSO
       The  full  documentation  for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
       visit

       https://www.gnutls.org/manual/

gnutls                               3.7.3                    gnutls_reauth(3)
Generated by dwww version 1.14 on Sun Dec 29 18:28:20 CET 2024.