[gnutls-help] Certificate callback questions
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Apr 23 13:19:45 CEST 2015
On Wed, Apr 22, 2015 at 5:31 PM, Lavrentiev, Anton (NIH/NLM/NCBI) [C]
<lavr at ncbi.nlm.nih.gov> wrote:
> Nikos,
> Thank you for your response!
>> You can still however differentiate between sessions using
>> gnutls_session_set/get_ptr(). Do you see an issue with this approach?
> I can, but the callback will be visited by all sessions that use that same
> credentials. BTW, could you please comment if the same credentials handle
> can be shared / reused for multiple (possibly, concurrent) sessions?
Yes. That is the purpose of credentials structures, to be re-used by
multiple sessions.
>> > to pass some context to a callback that is set with "gnutls_certificate_set_retrieve_function*()"?
>> Since you get a pointer to the session you can use the
>> gnutls_session_set/get_ptr() for that.
> And this is just a reverse situation of the certificate verification callback:
> it looks like retrieve is a method of credentials rather than a session.
It is set on credentials but called by and with the session structure.
> If I could
> treat the credentials as a container, and extract and return a suitable element out of
> it (i.e. there can be a handle to a file, which keeps all available certs), I would not
> want / need to give that handle to each and every session that use those credentials.
I'm not sure I follow. In that case wouldn't be better to use
different credentials structures for
different sessions?
regards,
Nikos
More information about the Gnutls-help
mailing list