diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-01 11:58:15 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-10-16 09:02:27 +0200 |
commit | 8dd5b32b5a1a709d90bced2959b80a16af66389f (patch) | |
tree | be0b1fca2f8d3bbea230d41ecdd8cd284eba9d41 /doc/cha-gtls-app.texi | |
parent | 20abfc36bec4de2ad9f2e4682be7f93f61f6419d (diff) | |
download | gnutls-8dd5b32b5a1a709d90bced2959b80a16af66389f.tar.gz |
gnutls_init: added flag for automatic re-authentication
This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes
re-authentication under TLS simpler to enable and use.
Resolves #571
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r-- | doc/cha-gtls-app.texi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 0288543482..1575c8fa52 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1835,6 +1835,12 @@ Due to limitations of early protocol versions, it is required to check whether safe renegotiation is in place, i.e., using @funcref{gnutls_safe_renegotiation_status}, which ensures that the server remains the same as the initial. +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} flag on the +@funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + @showfuncdesc{gnutls_safe_renegotiation_status} @subsubsection Server side @@ -1877,6 +1883,12 @@ A client receiving a re-authentication request will "see" the error code @code{GNUTLS_E_REAUTH_REQUEST} at @funcref{gnutls_record_recv}. At this point, it should also call @funcref{gnutls_reauth}. +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} and @code{GNUTLS_POST_HANDSHAKE_AUTH} +flags on the @funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + @node Parameter generation @subsection Parameter generation @cindex parameter generation |