Provided by: gnutls-doc_3.8.1-4ubuntu1.3_all bug

NAME

       gnutls_reauth - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int gnutls_reauth(gnutls_session_t session, unsigned int flags);

ARGUMENTS

       gnutls_session_t session
                   is a gnutls_session_t type.

       unsigned int flags
                   must be zero

DESCRIPTION

       This  function  performs the post-handshake authentication for TLS 1.3. The post-handshake
       authentication is initiated by the server by calling this function. Clients  respond  when
       GNUTLS_E_REAUTH_REQUEST has been seen while receiving data.

       The  non-fatal errors expected by this function are: GNUTLS_E_INTERRUPTED, GNUTLS_E_AGAIN,
       as well as GNUTLS_E_GOT_APPLICATION_DATA when called on server side.

       The former two interrupt the authentication procedure due to  the  transport  layer  being
       interrupted,  and  the latter because there were pending data prior to peer initiating the
       re-authentication. The server should read/process that data as unauthenticated  and  retry
       calling gnutls_reauth().

       When  this  function  is  called  under  TLS1.2  or  earlier  or the peer didn't advertise
       post-handshake auth, it always fails with GNUTLS_E_INVALID_REQUEST.  The  verification  of
       the  received  peers  certificate  is delegated to the session or credentials verification
       callbacks. A server can check whether post handshake authentication is  supported  by  the
       client by checking the session flags with gnutls_session_get_flags().

       Prior     to     calling     this     function    in    server    side,    the    function
       gnutls_certificate_server_set_request()  must  be  called  setting  expectations  for  the
       received  certificate (request or require). If none are set this function will return with
       GNUTLS_E_INVALID_REQUEST.

       Note  that  post  handshake  authentication  is  available  irrespective  of  the  initial
       negotiation  type (PSK or certificate). In all cases however, certificate credentials must
       be set to the session prior to calling this function.

RETURNS

       GNUTLS_E_SUCCESS on a successful authentication, otherwise a negative error code.

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The   full   documentation  for  gnutls  is  maintained  as  a  Texinfo  manual.   If  the
       /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       https://www.gnutls.org/manual/