oracular (3) gnutls_reauth.3.gz

Provided by: gnutls-doc_3.8.6-2ubuntu1.1_all bug

NAME
       gnutls_reauth - API function


SYNOPSIS
       #include <gnutls/gnutls.h>

       int gnutls_reauth(gnutls_session_t session, unsigned int flags);


ARGUMENTS
       gnutls_session_t session
                   is a gnutls_session_t type.

       unsigned int flags
                   must be zero


DESCRIPTION
       This  function  performs the post-handshake authentication for TLS 1.3. The post-handshake authentication
       is initiated by the server by calling this function. Clients  respond  when  GNUTLS_E_REAUTH_REQUEST  has
       been seen while receiving data.

       The  non-fatal  errors  expected  by  this function are: GNUTLS_E_INTERRUPTED, GNUTLS_E_AGAIN, as well as
       GNUTLS_E_GOT_APPLICATION_DATA when called on server side.

       The former two interrupt the authentication procedure due to the transport layer being  interrupted,  and
       the  latter  because  there  were pending data prior to peer initiating the re-authentication. The server
       should read/process that data as unauthenticated and retry calling gnutls_reauth().

       When this function is called under TLS1.2 or earlier or the peer didn't advertise post-handshake auth, it
       always  fails  with  GNUTLS_E_INVALID_REQUEST.  The  verification  of  the  received peers certificate is
       delegated to the session or credentials verification callbacks. A server can check whether post handshake
       authentication is supported by the client by checking the session flags with gnutls_session_get_flags().

       Prior  to calling this function in server side, the function gnutls_certificate_server_set_request() must
       be called setting expectations for the received certificate (request or require). If none  are  set  this
       function will return with GNUTLS_E_INVALID_REQUEST.

       Note that post handshake authentication is available irrespective of the initial negotiation type (PSK or
       certificate). In all cases however, certificate credentials must be set to the session prior  to  calling
       this function.


RETURNS
       GNUTLS_E_SUCCESS on a successful authentication, otherwise a negative error code.


REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org


       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying  and distribution of this file, with or without modification, are permitted in any medium without
       royalty provided the copyright notice and this notice are preserved.


SEE ALSO
       The full documentation for gnutls is maintained as  a  Texinfo  manual.   If  the  /usr/share/doc/gnutls/
       directory does not contain the HTML form visit

       https://www.gnutls.org/manual/