gnutls_x509_trust_list_set_getissuer_function

API function

Synopsis

#include <gnutls/x509.h>

void gnutls_x509_trust_list_set_getissuer_function(gnutls_x509_trust_list_t tlist, gnutls_x509_trust_list_getissuer_function * func);

Arguments

gnutls_x509_trust_list_t tlist: is a gnutls_x509_trust_list_t type.
gnutls_x509_trust_list_getissuer_function * func: is the callback function

This function sets a callback to be called when the peer's certificate chain is incomplete due a missing intermediate certificate. The callback may provide the missing certificate for use during verification.

The callback's function prototype is defined in gnutls/x509.h as:

int (*callback)(gnutls_x509_trust_list_t list, const gnutls_x509_crt_t cert, gnutls_x509_crt_t **issuers, unsigned int *issuers_size);

If the callback function is provided then gnutls will call it during the certificate verification procedure. The callback may wish to use gnutls_x509_crt_get_authority_info_access() to get a URI from which to attempt to download the missing issuer certificate, if available.

On a successful call, the callback shall set '*issuers' and '*issuers_size' even if the result is empty; in that case '*issuers' will point to NULL and allocated using gnutls_x509_crt_list_import2(). The ownership of both the array and the elements is transferred to the caller and thus the application does not need to maintain the memory after the call.

The callback function should return 0 if the attempt to retrieve the issuer certificates for 'crt' succeeded, or non-zero to indicate any error occurred during the attempt. In the latter case, '*issuers' and '*issuers_size' are not set.

gnutls_x509_trust_list_set_getissuer_function

Synopsis

Arguments

Description

Since

Reporting Bugs

Copyright

See Also

Info