[Help-gnutls] Need a little help with gnutls_certificate_server_set_retrieve_function

Gergely Nagy algernon at bonehunter.rulez.org
Fri Jul 30 23:17:33 CEST 2004


In the documentation, one can read this:



This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake. The callback's function
prototype is: int (*callback)(gnutls_session, const gnutls_datum*
req_ca_dn, int nreqs, gnutls_pk_algorithm* pk_algos, int
pk_algos_length, gnutls_retr_st st);

However, the gnutls/gnutls.h header contains:

typedef int gnutls_certificate_server_retrieve_function(gnutls_session,
        gnutls_retr_st *);

Which is a wee-bit different. I checked the gnutls_retr_st structure,
and to be honest, I cannot figure out how my program is supposed to
select the appropriate certificate - or how to get the information to
begin with..

Maybe, but just maybe, it could work like;

- is the second argument (I'll call it rst for brevity) NULL? If yes,
return -1 (there is no certificate)

- If it is non-NULL, rst[0].ncerts contains the list of certificates,
and rst[0].cert.x509 the certificate itself, and so on 'till
rst[rst[0].ncerts] - from this, one could select the appropriate
certificate and act accordingly.

However, this interface seems to be awfully clumsy, compared to the
other interfaces in GnuTLS, so I doubt this is the intended usage.

If I'm missing something obvious, please tell, and apply LART

Gergely Nagy

More information about the Gnutls-help mailing list