gnutls_certificate_set_pin_function - Linux
Overview
gnutls_certificate_set_pin_function sets a function to be called when a certificate is received.
Syntax
gnutls_certificate_set_pin_function(session, verify_function, user_data)
Options/Flags
- verify_function: The function to call when a certificate is received. The function takes the following arguments:
  - certificate: The certificate to verify.
  - verify_info: A pointer to the verify_info structure.
  - user_data: The user data passed to gnutls_certificate_set_pin_function().
- user_data: The user data to pass to the verify_function.
Examples
gnutls_certificate_set_pin_function(session, my_verify_function, NULL);
Common Issues
Error: gnutls_certificate_set_pin_function() failed
This error can occur if the verify_function() returns an error. To fix this error, check the return value of the verify_function().
Integration
gnutls_certificate_set_pin_function() can be combined with other GnuTLS functions to create a custom certificate verification process. For example, the following code sets a verify_function() that checks the certificate’s hostname:
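#include <stdio.h>
#include <string.h>
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>

void my_verify_function(gnutls_x509_crt_t certificate, gnutls_x509_verify_info_t verify_info, void *user_data)
{
    gnutls_datum_t text; /* gnutls_x509_crt_print() fills this; the caller frees it */
    const char *hostname = gnutls_certificate_get_hostname(certificate);
    /* Reject a certificate that carries no hostname. */
    if (hostname == NULL) {
        if (gnutls_x509_crt_print(certificate, GNUTLS_CRT_PRINT_FULL, &text) == 0) {
            fprintf(stdout, "%s\n", text.data);
            gnutls_free(text.data);
        }
        fprintf(stderr, "Error: certificate does not have a hostname\n");
        gnutls_x509_verify_set_status(verify_info, GNUTLS_E_CERTIFICATE_ERROR);
        return;
    }
    /* Reject a certificate whose hostname is not exactly example.com. */
    if (strcmp(hostname, "example.com") != 0) {
        if (gnutls_x509_crt_print(certificate, GNUTLS_CRT_PRINT_FULL, &text) == 0) {
            fprintf(stdout, "%s\n", text.data);
            gnutls_free(text.data);
        }
        fprintf(stderr, "Error: certificate hostname does not match expected hostname\n");
        gnutls_x509_verify_set_status(verify_info, GNUTLS_E_CERTIFICATE_ERROR);
        return;
    }
    /* The hostname matches: report success. */
    gnutls_x509_verify_set_status(verify_info, GNUTLS_E_SUCCESS);
}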
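The strcmp() comparison above accepts only a byte-identical name. As an added example (not code from the original page or from GnuTLS), the standalone function below goes beyond that case and shows what a certificate name comparison normally has to handle: ASCII case, a trailing dot, and a wildcard in the leftmost label. The names hostname_matches() and eq_nocase() are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive comparison of n bytes; DNS names ignore ASCII case. */
static int eq_nocase(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Hypothetical helper: returns 1 when cert_name (a DNS name taken from the
 * certificate) covers the host the client meant to reach, otherwise 0. */
int hostname_matches(const char *cert_name, const char *expected)
{
    if (cert_name == NULL || expected == NULL)
        return 0;
    size_t clen = strlen(cert_name), elen = strlen(expected);

    /* "example.com." and "example.com" name the same host. */
    if (clen > 0 && cert_name[clen - 1] == '.') clen--;
    if (elen > 0 && expected[elen - 1] == '.') elen--;
    if (clen == 0 || elen == 0)
        return 0;

    if (clen >= 2 && cert_name[0] == '*' && cert_name[1] == '.') {
        const char *suffix = cert_name + 1;   /* ".example.com" */
        size_t slen = clen - 1;
        const char *dot = memchr(expected, '.', elen);

        /* "*" stands for exactly one non-empty leftmost label. */
        if (dot == NULL || dot == expected)
            return 0;
        /* Refuse wildcards directly under a top-level label ("*.com"). */
        if (memchr(suffix + 1, '.', slen - 1) == NULL)
            return 0;
        return elen - (size_t)(dot - expected) == slen &&
               eq_nocase(dot, suffix, slen);
    }
    /* A '*' in any other position is never treated as a wildcard. */
    if (memchr(cert_name, '*', clen) != NULL)
        return 0;
    return clen == elen && eq_nocase(cert_name, expected, clen);
}
```

In a GnuTLS program, gnutls_x509_crt_check_hostname() performs this kind of matching against the certificate itself, so a hand-written comparison is not needed there.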
Related Commands
- gnutls_certificate_set_verify_function()
- gnutls_certificate_verify()
- gnutls_certificate_get_hostname()