@deftypefun {int} {gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags})
@var{session}: is a @code{gnutls_session_t} type.

@var{flags}: must be zero

This function performs the post-handshake authentication
for TLS 1.3. The post-handshake authentication is initiated by the server
by calling this function. Clients respond when @code{GNUTLS_E_REAUTH_REQUEST}
has been seen while receiving data.

The non-fatal errors expected by this function are:
@code{GNUTLS_E_INTERRUPTED}, @code{GNUTLS_E_AGAIN}, as well as
@code{GNUTLS_E_GOT_APPLICATION_DATA} when called on the server side.

The former two interrupt the authentication procedure due to the transport
layer being interrupted, and the latter because there was pending data prior
to the peer initiating the re-authentication. The server should read/process that
data as unauthenticated and retry calling @code{gnutls_reauth()}.

When this function is called under TLS 1.2 or earlier, or the peer didn't
advertise post-handshake auth, it always fails with
@code{GNUTLS_E_INVALID_REQUEST}. The verification of the received peer's certificate
is delegated to the session or credentials verification callbacks. A
server can check whether post-handshake authentication is supported
by the client by checking the session flags with @code{gnutls_session_get_flags()}.

Prior to calling this function on the server side, the function
@code{gnutls_certificate_server_set_request()} must be called, setting expectations
for the received certificate (request or require). If none are set,
this function will return with @code{GNUTLS_E_INVALID_REQUEST}.

Note that post-handshake authentication is available irrespective
of the initial negotiation type (PSK or certificate). In all cases,
however, certificate credentials must be set to the session prior
to calling this function.

@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful authentication, otherwise a negative error code.
@end deftypefun
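The server-side retry handling described above, as an added example that is not part of the GnuTLS documentation or source. The hooks in @code{struct reauth_io}, the retry bound, @code{REAUTH_GAVE_UP} and the scripted fake session are assumptions made here, and the error-code values are placeholders so the block builds without the GnuTLS header.

```c
#include <stddef.h>

#ifndef GNUTLS_E_AGAIN /* built without <gnutls/gnutls.h>: placeholder values, not the real ones */
enum { GNUTLS_E_SUCCESS = 0, GNUTLS_E_AGAIN = -9001, GNUTLS_E_INTERRUPTED = -9002,
       GNUTLS_E_GOT_APPLICATION_DATA = -9003, GNUTLS_E_INVALID_REQUEST = -9004 };
#endif
#define REAUTH_GAVE_UP (-9999) /* hypothetical local code: retry budget exhausted */

/* Hypothetical hooks. In a real server reauth() wraps gnutls_reauth(session, 0)
 * and drain() reads the pending record with gnutls_record_recv(). */
struct reauth_io {
    int (*reauth)(void *ctx);
    int (*drain)(void *ctx); /* must handle the data as unauthenticated; <0 on error */
    void *ctx;
};

/* GNUTLS_E_SUCCESS only if the peer authenticated; on any other return value
 * the caller must keep treating the peer as unauthenticated. */
int server_reauth(const struct reauth_io *io, int max_attempts)
{
    for (int i = 0; i < max_attempts; i++) {
        int ret = io->reauth(io->ctx);
        if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED)
            continue; /* transport interrupted; a real loop would poll() first */
        if (ret != GNUTLS_E_GOT_APPLICATION_DATA)
            return ret; /* success, or fatal (e.g. GNUTLS_E_INVALID_REQUEST): no retry */
        ret = io->drain(io->ctx); /* data sent before the peer saw the request */
        if (ret < 0)
            return ret;
    }
    return REAUTH_GAVE_UP; /* bounded so a chatty peer cannot stall the server */
}

/* Constructed fake session: replays a scripted list of return codes. */
struct script { const int *codes; size_t len, pos; int drained; };
static int fake_reauth(void *ctx)
{
    struct script *s = ctx;
    return s->pos < s->len ? s->codes[s->pos++] : GNUTLS_E_GOT_APPLICATION_DATA;
}
static int fake_drain(void *ctx) { ((struct script *)ctx)->drained++; return 0; }

int main(void)
{
    static const int codes[] = { GNUTLS_E_AGAIN, GNUTLS_E_GOT_APPLICATION_DATA, GNUTLS_E_SUCCESS };
    struct script s = { codes, 3, 0, 0 };
    struct reauth_io io = { fake_reauth, fake_drain, &s };
    return server_reauth(&io, 8) == GNUTLS_E_SUCCESS ? 0 : 1;
}
```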