diff options
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 0288543482..1575c8fa52 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1835,6 +1835,12 @@ Due to limitations of early protocol versions, it is required to check whether safe renegotiation is in place, i.e., using @funcref{gnutls_safe_renegotiation_status}, which ensures that the server remains the same as the initial. +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} flag on the +@funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + @showfuncdesc{gnutls_safe_renegotiation_status} @subsubsection Server side @@ -1877,6 +1883,12 @@ A client receiving a re-authentication request will "see" the error code @code{GNUTLS_E_REAUTH_REQUEST} at @funcref{gnutls_record_recv}. At this point, it should also call @funcref{gnutls_reauth}. +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} and @code{GNUTLS_POST_HANDSHAKE_AUTH} +flags on the @funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + @node Parameter generation @subsection Parameter generation @cindex parameter generation |