gnutls_srp_set_server_credentials_function — API function

Synopsis

#include <gnutls/gnutls.h>

void gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t         cred, gnutls_srp_server_credentials_function         * func);

Arguments

gnutls_srp_server_credentials_t         cred

is a gnutls_srp_server_credentials_t type.

gnutls_srp_server_credentials_function         * func

is the callback function

Description

This function can be used to set a callback to retrieve the user's SRP credentials.  The callback's function form is:

int (*callback)(gnutls_session_t, const char* username, gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, gnutls_datum_t *prime);

username contains the actual username. The  salt ,  verifier ,  generator and  prime must be filled in using the gnutls_malloc(). For convenience  prime and  generator may also be one of the static parameters defined in gnutls.h.

Initially, the data field is NULL in every gnutls_datum_t structure that the callback has to fill in. When the callback is done GnuTLS deallocates all of those buffers which are non-NULL, regardless of the return value.

In order to prevent attackers from guessing valid usernames, if a user does not exist, g and n values should be filled in using a random user's parameters. In that case the callback must return the special value (1). See gnutls_srp_set_server_fake_salt_seed too. If this is not required for your application, return a negative number from the callback to abort the handshake.

The callback function will only be called once per handshake. The callback function should return 0 on success, while -1 indicates an error.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls