6.6 TLS handshake
Once a session has been initialized and a network connection has been set up, TLS and DTLS protocols perform a handshake. The handshake is the actual key exchange.
- Function: int gnutls_handshake (gnutls_session_t session)
session: is a gnutls_session_t structure.
This function does the handshake of the TLS/SSL protocol, and initializes the TLS connection.
This function will fail if any problem is encountered, and will return a negative error code. In case of a client, if the client has asked to resume a session, but the server couldn't, then a full handshake will be performed.
The non-fatal errors such as GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which should be resumed later. Call this function again, until it returns 0; cf. gnutls_record_get_direction() and gnutls_error_is_fatal().
If this function is called by a server after a rehandshake request then GNUTLS_E_GOT_APPLICATION_DATA or GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these are non-fatal errors only in the specific case of a rehandshake. Their meaning is that the client rejected the rehandshake request, or, in the case of GNUTLS_E_GOT_APPLICATION_DATA, it might also mean that some data were pending.
Returns: GNUTLS_E_SUCCESS on success, otherwise a negative error code.
- Function: void gnutls_handshake_set_timeout (gnutls_session_t session, unsigned int ms)
session: is a gnutls_session_t structure.
ms: is a timeout value in milliseconds.
This function sets the timeout for the handshake process to the provided value. Use an ms value of zero to disable the timeout.
Note that in order for the timeout to be enforced, gnutls_transport_set_pull_timeout_function() must be set (it is set by default on most systems).
The handshake process doesn't ensure the verification of the peer's identity. When certificates are in use, this can be done either after the handshake is complete, or during the handshake if gnutls_certificate_set_verify_function has been used. In both cases the gnutls_certificate_verify_peers2 function can be used to verify the peer's certificate (see Certificate authentication for more information).
int gnutls_certificate_verify_peers2 (gnutls_session_t session, unsigned int * status)
This document was generated on February 9, 2014 using texi2html 5.0.