gnutls_certificate_set_pin_function - Linux


Overview

gnutls_certificate_set_pin_function sets a function to be called when a certificate is received.

Syntax

gnutls_certificate_set_pin_function(session, verify_function, user_data)

Options/Flags

  • verify_function: The function to call when a certificate is received. The function takes the following arguments:
    • certificate: The certificate to verify.
    • verify_info: A pointer to the verify_info structure.
    • user_data: The user data passed to gnutls_certificate_set_pin_function().
  • user_data: The user data to pass to the verify_function.

Examples

gnutls_certificate_set_pin_function(session, my_verify_function, NULL);
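An added example, not code from the original page: in the GnuTLS headers the callback registered with gnutls_certificate_set_pin_function() has the type gnutls_pin_callback_t and is asked to supply the PIN for a protected object such as a PKCS#11 token. The sketch below shows such a callback refusing to replay a rejected PIN. The struct pin_store, the sample PIN and the token URL are constructed, and the two PIN_* macros stand in for the GnuTLS flags named in the comment.

```c
#include <stdio.h>
#include <string.h>

/* Same bit values as GNUTLS_PIN_FINAL_TRY and GNUTLS_PIN_WRONG in
 * <gnutls/gnutls.h>, repeated so the example builds without the headers. */
#define PIN_FINAL_TRY (1u << 2)
#define PIN_WRONG     (1u << 5)

/* Hypothetical application state passed to the callback as userdata. */
struct pin_store {
    const char *cached_pin; /* PIN obtained from the operator, or NULL */
};

/* Same parameters as gnutls_pin_callback_t: return 0 with the PIN copied
 * into `pin`, or a negative value to abort the operation. */
int my_pin_function(void *userdata, int attempt, const char *token_url,
                    const char *token_label, unsigned int flags,
                    char *pin, size_t pin_max)
{
    const struct pin_store *store = userdata;
    size_t len;

    (void)token_url;
    /* Never replay a cached PIN that was already rejected, and never spend
     * the last attempt automatically: that is how tokens get locked. */
    if (attempt > 0 || (flags & (PIN_WRONG | PIN_FINAL_TRY))) {
        fprintf(stderr, "refusing automatic PIN retry for %s\n",
                token_label ? token_label : "(unnamed token)");
        return -1;
    }
    if (store == NULL || store->cached_pin == NULL)
        return -1;
    len = strlen(store->cached_pin);
    if (len == 0 || len >= pin_max) /* must fit with its terminating NUL */
        return -1;
    memcpy(pin, store->cached_pin, len + 1);
    return 0;
}

int main(void)
{
    struct pin_store store = { "123456" }; /* constructed sample PIN */
    char pin[32];
    /* With GnuTLS the callback is registered rather than called directly,
     * on a gnutls_certificate_credentials_t named cred here:
     * gnutls_certificate_set_pin_function(cred, my_pin_function, &store); */
    int rc = my_pin_function(&store, 0, "pkcs11:token=demo", "demo", 0,
                             pin, sizeof pin);
    printf("first attempt returned %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```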

Common Issues

Error: gnutls_certificate_set_pin_function() failed

This error can occur if the verify_function() returns an error. To fix this error, check the return value of the verify_function().

Integration

gnutls_certificate_set_pin_function() can be combined with other GnuTLS functions to create a custom certificate verification process. For example, the following verify_function() checks the certificate’s hostname:

#include <stdio.h>
#include <gnutls/gnutls.h>

/* Verification callback with the signature GnuTLS defines for
 * gnutls_certificate_set_verify_function(): it receives the session and
 * returns 0 to continue the handshake or non-zero to abort it. */
int my_verify_function(gnutls_session_t session)
{
    unsigned int status = 0;
    int ret;

    /* Validate the peer's chain and match the certificate against the
     * expected hostname in one call. */
    ret = gnutls_certificate_verify_peers3(session, "example.com", &status);
    if (ret < 0) {
        fprintf(stderr, "Error: certificate verification failed: %s\n",
                gnutls_strerror(ret));
        return GNUTLS_E_CERTIFICATE_ERROR;
    }

    if (status & GNUTLS_CERT_UNEXPECTED_OWNER) {
        fprintf(stderr, "Error: certificate hostname does not match expected hostname\n");
        return GNUTLS_E_CERTIFICATE_ERROR;
    }

    /* Any other status bit means the chain itself was not accepted. */
    if (status != 0) {
        fprintf(stderr, "Error: certificate is not trusted (status 0x%x)\n", status);
        return GNUTLS_E_CERTIFICATE_ERROR;
    }

    return 0;
}

Related Commands

  • gnutls_certificate_set_verify_function()
  • gnutls_certificate_verify()
  • gnutls_certificate_get_hostname()