Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
gnutls_reauth(3)		    gnutls		      gnutls_reauth(3)

NAME
       gnutls_reauth - API function

SYNOPSIS
       #include	<gnutls/gnutls.h>

       int gnutls_reauth(gnutls_session_t session, unsigned int	flags);

ARGUMENTS
       gnutls_session_t	session
		   is a	gnutls_session_t type.

       unsigned	int flags
		   must	be zero

DESCRIPTION
       This  function  performs	the post-handshake authentication for TLS 1.3.
       The post-handshake authentication is initiated by the server by calling
       this function. Clients respond when  GNUTLS_E_REAUTH_REQUEST  has  been
       seen while receiving data.

       The  non-fatal  errors  expected	 by this function are: GNUTLS_E_INTER-
       RUPTED, GNUTLS_E_AGAIN, as well as  GNUTLS_E_GOT_APPLICATION_DATA  when
       called on server	side.

       The former two interrupt	the authentication procedure due to the	trans-
       port layer being	interrupted, and the latter because there were pending
       data  prior to peer initiating the re-authentication. The server	should
       read/process  that  data	  as   unauthenticated	 and   retry   calling
       gnutls_reauth().

       When this function is called under TLS1.2 or earlier or the peer	didn't
       advertise  post-handshake  auth,	 it  always  fails  with  GNUTLS_E_IN-
       VALID_REQUEST. The verification of the received	peers  certificate  is
       delegated  to  the  session  or	credentials  verification callbacks. A
       server can check	whether	post handshake authentication is supported  by
       the   client   by   checking   the   session   flags  with  gnutls_ses-
       sion_get_flags().

       Prior to	calling	this function in server	side, the function gnutls_cer-
       tificate_server_set_request() must be called setting  expectations  for
       the  received  certificate  (request  or	require). If none are set this
       function	will return with GNUTLS_E_INVALID_REQUEST.

       Note that post handshake	authentication is  available  irrespective  of
       the  initial  negotiation  type (PSK or certificate). In	all cases how-
       ever, certificate credentials must be set to the	session	prior to call-
       ing this	function.

RETURNS
       GNUTLS_E_SUCCESS	on a successful	authentication,	otherwise  a  negative
       error code.

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT
       Copyright (C) 2001-2023 Free Software Foundation, Inc., and others.
       Copying	and  distribution  of this file, with or without modification,
       are permitted in	any medium without royalty provided the	copyright  no-
       tice and	this notice are	preserved.

SEE ALSO
       The  full  documentation	 for gnutls is maintained as a Texinfo manual.
       If the /usr/local/share/doc/gnutls/ directory does not contain the HTML
       form visit

       https://www.gnutls.org/manual/

gnutls				     3.8.9		      gnutls_reauth(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=gnutls_reauth&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help