path: root/manual/html_node/TLS-handshake.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- This manual is last updated 4 March 2015 for version
3.5.4 of GnuTLS.

Copyright (C) 2001-2015 Free Software Foundation, Inc.\\
Copyright (C) 2001-2015 Nikos Mavrogiannopoulos

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.  A
copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GnuTLS 3.5.4: TLS handshake</title>

<meta name="description" content="GnuTLS 3.5.4: TLS handshake">
<meta name="keywords" content="GnuTLS 3.5.4: TLS handshake">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="How-to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications" rel="up" title="How to use GnuTLS in applications">
<link href="Data-transfer-and-termination.html#Data-transfer-and-termination" rel="next" title="Data transfer and termination">
<link href="DTLS-and-SCTP.html#DTLS-and-SCTP" rel="prev" title="DTLS and SCTP">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
body { 
	margin: 2%;
	padding: 0 5%;
	background: #ffffff;
}
h1,h2,h3,h4,h5 {
    font-weight: bold;
    padding: 5px 5px 5px 5px;
    background-color: #c2e0ff;
    color: #336699;
}
h1 {
    padding: 2em 2em 2em 5%;
    color: white;
    background: #336699;
    text-align: center;
    letter-spacing: 3px;
}
h2 { text-decoration: underline; }
pre {
  margin: 0 5%;
  padding: 0.5em;
}
pre.example,pre.verbatim {
  padding-bottom: 1em;

  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 1px 1px 1px 5px;
  margin: 1em auto;
  width: 90%;
}

div.node {
  margin: 0 -5% 0 -2%;
  padding: 0.5em 0.5em;
  margin-top: 0.5em;
  margin-bottom: 0.5em;
  font-weight: bold;
}
dd, li {
  padding-top: 0.1em;
  padding-bottom: 0.1em;
}
div.float {

  margin-bottom: 0.5em;
  text-align: center;
}

table {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  border-spacing: 7px;
  width: 50%;
}

th {
  padding: 0;
  color: #336699;
  background-color: #c2e0ff;
  border: solid #000000;
  border-width: 0px;
  margin: 1em auto;
  text-align: center;
  margin-left:auto;
  margin-right:auto;
}

td {
  padding: 0;
  border: solid #000000;
  background-color: #f0faff;
  border-width: 0px;
  margin: 1em auto;
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  padding-left: 1em;
}

dl {
  text-align: left;
  margin-left:auto;
  margin-right:auto;
  width: 50%;

  padding-left: 1em;
  border: solid #c2e0ff;
  background: #f0faff;
  border-width: 5px 1px 1px 1px;
  margin: 1em auto;
}

-->
</style>


</head>

<body lang="en">
<a name="TLS-handshake"></a>
<div class="header">
<p>
Next: <a href="Data-transfer-and-termination.html#Data-transfer-and-termination" accesskey="n" rel="next">Data transfer and termination</a>, Previous: <a href="Setting-up-the-transport-layer.html#Setting-up-the-transport-layer" accesskey="p" rel="prev">Setting up the transport layer</a>, Up: <a href="How-to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications" accesskey="u" rel="up">How to use GnuTLS in applications</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="TLS-handshake-1"></a>
<h3 class="section">6.6 TLS handshake</h3>
<p>Once a session has been initialized and a network
connection has been set up, TLS and DTLS protocols
perform a handshake. The handshake is the actual key
exchange.
</p>




<dl>
<dt><a name="index-gnutls_005fhandshake"></a>Function: <em>int</em> <strong>gnutls_handshake</strong> <em>(gnutls_session_t <var>session</var>)</em></dt>
<dd><p><var>session</var>: is a <code>gnutls_session_t</code>  type.
</p>
<p>This function does the handshake of the TLS/SSL protocol, and
initializes the TLS connection.
</p>
<p>This function will fail if any problem is encountered, and will
return a negative error code. In case of a client, if the client
has asked to resume a session, but the server couldn&rsquo;t, then a
full handshake will be performed.
</p>
<p>The non-fatal errors expected by this function are:
<code>GNUTLS_E_INTERRUPTED</code> , <code>GNUTLS_E_AGAIN</code> , 
<code>GNUTLS_E_WARNING_ALERT_RECEIVED</code> , and <code>GNUTLS_E_GOT_APPLICATION_DATA</code> ,
the latter only in a case of rehandshake.
</p>
<p>The former two interrupt the handshake procedure due to the lower
layer being interrupted, and the latter because of an alert that
may be sent by a server (it is always a good idea to check any
received alerts). On these errors call this function again, until it
returns 0; cf.  <code>gnutls_record_get_direction()</code>  and
<code>gnutls_error_is_fatal()</code> . In DTLS sessions the non-fatal error
<code>GNUTLS_E_LARGE_PACKET</code>  is also possible, and indicates that
the MTU should be adjusted.
</p>
<p>If this function is called by a server after a rehandshake request
then <code>GNUTLS_E_GOT_APPLICATION_DATA</code>  or
<code>GNUTLS_E_WARNING_ALERT_RECEIVED</code>  may be returned.  Note that these
are non fatal errors, only in the specific case of a rehandshake.
Their meaning is that the client rejected the rehandshake request or
in the case of <code>GNUTLS_E_GOT_APPLICATION_DATA</code>  it could also mean that
some data were pending. A client may receive that error code if
it initiates the handshake and the server doesn&rsquo;t agreed.
</p>
<p><strong>Returns:</strong> <code>GNUTLS_E_SUCCESS</code>  on success, otherwise a negative error code.
</p></dd></dl>





<dl>
<dt><a name="index-gnutls_005fhandshake_005fset_005ftimeout"></a>Function: <em>void</em> <strong>gnutls_handshake_set_timeout</strong> <em>(gnutls_session_t <var>session</var>, unsigned int <var>ms</var>)</em></dt>
<dd><p><var>session</var>: is a <code>gnutls_session_t</code>  type.
</p>
<p><var>ms</var>: is a timeout value in milliseconds
</p>
<p>This function sets the timeout for the TLS handshake process
to the provided value. Use an  <code>ms</code> value of zero to disable
timeout, or <code>GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT</code>  for a reasonable
default value. For the DTLS protocol, the more detailed
<code>gnutls_dtls_set_timeouts()</code>  is provided.
</p>
<p>This function requires to set a pull timeout callback. See
<code>gnutls_transport_set_pull_timeout_function()</code> .
</p>
<p><strong>Since:</strong> 3.1.0
</p></dd></dl>

<p>In GnuTLS 3.5.0 and later it is recommended to use <a href="Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert">gnutls_session_set_verify_cert</a>
for the handshake process to ensure the verification of the peer&rsquo;s identity.
</p>
<p>In older GnuTLS versions it is required to manually verify the peer&rsquo;s certificate
during the handshake by using <a href="Core-TLS-API.html#gnutls_005fcertificate_005fset_005fverify_005ffunction">gnutls_certificate_set_verify_function</a>, and
<a href="Core-TLS-API.html#gnutls_005fcertificate_005fverify_005fpeers2">gnutls_certificate_verify_peers2</a>. See <a href="Certificate-authentication.html#Certificate-authentication">Certificate authentication</a>
for more information.
</p>
<dl compact="compact">
<dt><code><var>void</var> <a href="Core-TLS-API.html#gnutls_005fsession_005fset_005fverify_005fcert">gnutls_session_set_verify_cert</a> (gnutls_session_t <var>session</var>, const char * <var>hostname</var>, unsigned <var>flags</var>)</code></dt>
<dt><code><var>int</var> <a href="Core-TLS-API.html#gnutls_005fcertificate_005fverify_005fpeers2">gnutls_certificate_verify_peers2</a> (gnutls_session_t <var>session</var>, unsigned int * <var>status</var>)</code></dt>
</dl>

<hr>
<div class="header">
<p>
Next: <a href="Data-transfer-and-termination.html#Data-transfer-and-termination" accesskey="n" rel="next">Data transfer and termination</a>, Previous: <a href="Setting-up-the-transport-layer.html#Setting-up-the-transport-layer" accesskey="p" rel="prev">Setting up the transport layer</a>, Up: <a href="How-to-use-GnuTLS-in-applications.html#How-to-use-GnuTLS-in-applications" accesskey="u" rel="up">How to use GnuTLS in applications</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>