void gnutls_ia_set_server_avp_function(gnutls_ia_server_credentials_t cred, gnutls_ia_avp_func avp_func);
The callback's function form is: int (*avp_func) (gnutls_session_t session, void *ptr, const char *last, size_t lastlen, char **next, size_t *nextlen);
The session parameter is the gnutls_session_t structure corresponding to the current session. The ptr parameter is the application hook pointer, set through gnutls_ia_set_server_avp_ptr(). The AVP received from the client is present in last of lastlen size. The newly allocated output AVP to send to the client should be placed in *next of *nextlen size.
The AVP callback is called to process incoming AVPs from the client, and to get a new AVP to send to the client. It can also be used to instruct the TLS/IA handshake to do go into the Intermediate or Final phases. It return a negative error code, or an gnutls_ia_apptype_t message type.
The callback may invoke gnutls_ia_permute_inner_secret() to mix any generated session keys with the TLS/IA inner secret.
Specifically, return GNUTLS_IA_APPLICATION_PAYLOAD (0) to send another AVP to the client, return GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED (1) to indicate that an IntermediatePhaseFinished message should be sent, and return GNUTLS_IA_FINAL_PHASE_FINISHED (2) to indicate that an FinalPhaseFinished message should be sent. In the last two cases, the contents of the next and nextlen parameter is not used.
Note that the callback must use allocate the next parameter using gnutls_malloc(), because it is released via gnutls_free() by the TLS/IA handshake function.
should give you access to the complete manual.