Next: Data transfer and termination, Previous: Setting up the transport layer, Up: How to use GnuTLS in applications [Contents][Index]
Once a session has been initialized and a network connection has been set up, TLS and DTLS protocols perform a handshake. The handshake is the actual key exchange.
session: is a gnutls_session_t
structure.
This function does the handshake of the TLS/SSL protocol, and initializes the TLS connection.
This function will fail if any problem is encountered, and will return a negative error code. In case of a client, if the client has asked to resume a session, but the server couldn’t, then a full handshake will be performed.
The non-fatal errors such as GNUTLS_E_AGAIN
and
GNUTLS_E_INTERRUPTED
interrupt the handshake procedure, which
should be resumed later. Call this function again, until it
returns 0; cf. gnutls_record_get_direction()
and
gnutls_error_is_fatal()
.
If this function is called by a server after a rehandshake request
then GNUTLS_E_GOT_APPLICATION_DATA
or
GNUTLS_E_WARNING_ALERT_RECEIVED
may be returned. Note that these
are non fatal errors, only in the specific case of a rehandshake.
Their meaning is that the client rejected the rehandshake request or
in the case of GNUTLS_E_GOT_APPLICATION_DATA
it might also mean that
some data were pending.
Returns: GNUTLS_E_SUCCESS
on success, otherwise a negative error code.
session: is a gnutls_session_t
structure.
ms: is a timeout value in milliseconds
This function sets the timeout for the handshake process
to the provided value. Use an ms
value of zero to disable
timeout.
Note that in order for the timeout to be enforced
gnutls_transport_set_pull_timeout_function()
must be set
(it is set by default in most systems).
The handshake process doesn’t ensure the verification of the peer’s identity. When certificates are in use, this can be done, either after the handshake is complete, or during the handshake if gnutls_certificate_set_verify_function has been used. In both cases the gnutls_certificate_verify_peers2 function can be used to verify the peer’s certificate (see Certificate authentication for more information).
int gnutls_certificate_verify_peers2 (gnutls_session_t session, unsigned int * status)
Next: Data transfer and termination, Previous: Setting up the transport layer, Up: How to use GnuTLS in applications [Contents][Index]