File: gnutls_certificate_client_set_retrieve_function

gnutls28 3.3.8-6

@deftypefun {void} {gnutls_certificate_client_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_client_retrieve_function * @var{func})
@var{cred}: is a @code{gnutls_certificate_credentials_t} structure.

@var{func}: is the callback function

This function sets a callback to be called in order to retrieve the
certificate to be used in the handshake.
You are advised to use @code{gnutls_certificate_set_retrieve_function2()} instead, because
it requires much less processing from gnutls.

The callback's function prototype is:

@example
int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs,
const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st);
@end example

@code{req_ca_dn} is only used in X.509 certificates.
It contains a list with the CA names that the server considers trusted.
Normally we should send a certificate that is signed
by one of these CAs. These names are DER encoded. To get a more
meaningful value use the function @code{gnutls_x509_rdn_get()}.

@code{pk_algos} contains a list with the server's acceptable signature algorithms.
The certificate returned should support the server's given algorithms.

@code{st} should contain the certificates and private keys.

If the callback function is provided, gnutls will call it during the
handshake when the server requests a certificate (after the
certificate request message has been received).

The callback function should set the certificate list to be sent,
and return 0 on success. If no certificate was selected then the
number of certificates should be set to zero. The value (-1)
indicates error and the handshake will be terminated.
@end deftypefun
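
The selection logic a retrieve callback needs, as an added example that is not part of the GnuTLS sources: it matches local identities against the requested CA names and acceptable algorithms, sets the certificate count to zero when nothing fits, and returns -1 only on error. The types are stand-ins for the GnuTLS ones so the code compiles without GnuTLS headers; @code{identity_t}, @code{select_client_cert}, the enum values and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Stand-ins for gnutls_datum_t, gnutls_pk_algorithm_t and (simplified)
 * gnutls_retr_st, so this compiles without GnuTLS headers (assumptions). */
typedef struct { const unsigned char *data; unsigned int size; } datum_t;
typedef int pk_algorithm_t;
enum { PK_RSA = 1, PK_ECDSA = 2 };            /* illustrative values only */
typedef struct { unsigned int ncerts; const char *cert, *key; } retr_st;

/* A locally configured client identity (hypothetical type). */
typedef struct { datum_t issuer_dn; pk_algorithm_t pk; const char *cert, *key; } identity_t;

/* Constructed placeholder bytes standing in for DER-encoded CA names. */
static const unsigned char CA_A[] = { 0x30, 0x02, 0xA0, 0x01 };
static const unsigned char CA_B[] = { 0x30, 0x02, 0xB0, 0x02 };
const identity_t IDS[] = {
    { { CA_A, sizeof CA_A }, PK_ECDSA, "cert-a.pem", "key-a.pem" },
    { { CA_B, sizeof CA_B }, PK_RSA,   "cert-b.pem", "key-b.pem" },
};

/* Byte-for-byte comparison of two encoded names. */
static int dn_equal(const datum_t *a, const datum_t *b)
{
    return a->size == b->size &&
           (a->size == 0 || memcmp(a->data, b->data, a->size) == 0);
}

/* Callback body: returns 0 with st->ncerts == 1 (match found) or 0 (send no
 * certificate); returns -1 on bad arguments, which aborts the handshake. */
int select_client_cert(const identity_t *ids, int nids,
                       const datum_t *req_ca_dn, int nreqs,
                       const pk_algorithm_t *pk_algos, int pk_algos_length,
                       retr_st *st)
{
    if (st == NULL || nids < 0 || nreqs < 0 || pk_algos_length < 0)
        return -1;
    st->ncerts = 0; st->cert = st->key = NULL;
    for (int i = 0; i < nids; i++) {
        int ca_ok = (nreqs == 0);   /* empty CA list: server names no CA */
        int pk_ok = 0;
        for (int j = 0; j < nreqs && !ca_ok; j++)
            ca_ok = dn_equal(&ids[i].issuer_dn, &req_ca_dn[j]);
        for (int k = 0; k < pk_algos_length && !pk_ok; k++)
            pk_ok = (ids[i].pk == pk_algos[k]);
        if (ca_ok && pk_ok) {
            st->ncerts = 1; st->cert = ids[i].cert; st->key = ids[i].key;
            break;
        }
    }
    return 0;
}
```

In a real callback the matched entry would fill the certificate and key fields of @code{gnutls_retr_st} instead of the file-name strings used here.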