author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-02-13 16:47:16 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-02-14 20:28:59 +0100 |
commit | 4a63c6331cbfbf1e44352891ba0e44b0f62f20cf (patch) | |
tree | e569a791d62d77c2c7622f13cb460a3f0d96d730 /doc | |
parent | 330f61911c2127a27e1e11c05864e55f88da876c (diff) | |
doc: documented how to set the credentials late in certain vhost scenarios
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index b30c3e2d89..b195ffa95a 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1556,6 +1556,7 @@ and SRP authentication. @section Advanced topics @menu +* Virtual hosts and credentials:: * Session resumption:: * Certificate verification:: * Re-authentication:: @@ -1566,6 +1567,43 @@ and SRP authentication. * Compatibility with the OpenSSL library:: @end menu +@node Virtual hosts and credentials +@subsection Virtual hosts and credentials +@cindex virtual hosts +@cindex credentials + +Often when operating with virtual hosts, one may not want to associate +a particular certificate set to the credentials function early, before +the virtual host is known. That can be achieved by calling +@funcref{gnutls_credentials_set} within a handshake pre-hook for client +hello. That message contains the peer's intended hostname, and if read, +and the appropriate credentials are set, gnutls will be able to +continue in the handshake process. A brief usage example is shown +below. + +@example +static int +handshake_hook_func(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t *msg) +@{ + assert(htype == GNUTLS_HANDSHAKE_CLIENT_HELLO); + assert(when == GNUTLS_HOOK_PRE); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); +@} + +int main() +@{ + ... + + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_PRE, handshake_hook_func); + ... +@} +@end example + +@showfuncdesc{gnutls_handshake_set_hook_function} + @node Session resumption @subsection Session resumption @cindex resuming sessions |
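Review bot: In the @example of the second hunk, handshake_hook_func is declared `static int` but has no return statement, and the result of gnutls_credentials_set is discarded, so a reader copying the example gets a hook with an undefined return value and no error handling. Suggest ending the function with `return gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred);`. The example also uses `cred` without declaring it and never looks at `msg`, although the paragraph above says the point is to choose credentials after reading the hostname from the client hello. A short comment at that spot marking where the hostname is read and the matching credentials selected would tie the code to the text. Minor wording: "and if read, and the appropriate credentials are set" is hard to parse and could be rephrased as "once it is read and the appropriate credentials are set".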