[Help-gnutls] Need a little help with gnutls_certificate_server_set_retrieve_function
Gergely Nagy
algernon at bonehunter.rulez.org
Fri Jul 30 23:17:33 CEST 2004
Hi!

In the documentation, one can read this:

  gnutls_certificate_server_set_retrieve_function
  ...
  This function sets a callback to be called in order to retrieve the
  certificate to be used in the handshake. The callback's function
  prototype is: int (*callback)(gnutls_session, const gnutls_datum*
  req_ca_dn, int nreqs, gnutls_pk_algorithm* pk_algos, int
  pk_algos_length, gnutls_retr_st st);

However, the gnutls/gnutls.h header contains:

  typedef int gnutls_certificate_server_retrieve_function(gnutls_session,
                                                          gnutls_retr_st *);

Which is a wee bit different. I checked the gnutls_retr_st structure,
and to be honest, I cannot figure out how my program is supposed to
select the appropriate certificate - or how to get the information to
begin with.

Maybe, but just maybe, it could work like this:
- is the second argument (I'll call it rst for brevity) NULL? If yes,
return -1 (there is no certificate)
- If it is non-NULL, rst[0].ncerts contains the list of certificates,
and rst[0].cert.x509 the certificate itself, and so on 'till
rst[rst[0].ncerts] - from this, one could select the appropriate
certificate and act accordingly.
However, this interface seems to be awfully clumsy, compared to the
other interfaces in GnuTLS, so I doubt this is the intended usage.
If I'm missing something obvious, please tell, and apply LART
appropriately!
Thanks,
--
Gergely Nagy