gnutls_certificate_verify_peers3(3)     gnutls     gnutls_certificate_verify_peers3(3)

NAME

       gnutls_certificate_verify_peers3 - API function

SYNOPSIS

       #include <gnutls/gnutls.h>

       int gnutls_certificate_verify_peers3(gnutls_session_t session, const
       char * hostname, unsigned int * status);

ARGUMENTS

       gnutls_session_t session
                   is a gnutls session

       const char * hostname
                   is the expected name of the peer; may be NULL

       unsigned int * status
                   is the output of the verification

DESCRIPTION

       This function will verify the peer's certificate and store the status
       in the status variable as a bitwise OR of gnutls_certificate_status_t
       values, or zero if the certificate is trusted. Note that the value in
       status is set only when the return value of this function is success
       (i.e., failure to trust a certificate does not imply a negative return
       value). The default verification flags used by this function can be
       overridden using gnutls_certificate_set_verify_flags(). See the
       documentation of gnutls_certificate_verify_peers2() for details of the
       verification process.

       This function will take into account the stapled OCSP responses sent by
       the server, as well as the following X.509 certificate extensions: Name
       Constraints, Key Usage, and Basic Constraints (pathlen).

       If the hostname provided is non-NULL then this function will compare
       the hostname in the certificate against it. The comparison will follow
       the RFC6125 recommendations. If the names do not match, the
       GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.

       In order to verify the purpose of the end-certificate (by checking the
       extended key usage), use gnutls_certificate_verify_peers().

       To avoid denial of service attacks, some default upper limits regarding
       the certificate key size and chain size are set. To override them use
       gnutls_certificate_set_verify_limits().

RETURNS

       GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative
       error code otherwise. A successful return code means that the status
       parameter must be checked to obtain the validation status.
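
       Added example (not part of the GnuTLS manual or code base): a caller
       that fails closed on both the return value and the status word
       described above. The names verify_peer(), classify_verify_result() and
       enum peer_verdict are hypothetical; the wrapper is compiled only with
       -DUSE_GNUTLS and linked with -lgnutls.

```c
/* Added example, not GnuTLS code. verify_peer(), classify_verify_result()
 * and enum peer_verdict are hypothetical names. */
#include <stdio.h>

enum peer_verdict { PEER_TRUSTED, PEER_UNTRUSTED, PEER_VERIFY_ERROR };

/* ret:    return value of gnutls_certificate_verify_peers3()
 * status: value it stored through the status pointer */
enum peer_verdict classify_verify_result(int ret, unsigned int status)
{
    if (ret < 0)        /* validation not performed: status was not set */
        return PEER_VERIFY_ERROR;
    if (status != 0)    /* any gnutls_certificate_status_t bit: not trusted */
        return PEER_UNTRUSTED;
    return PEER_TRUSTED;
}

#ifdef USE_GNUTLS       /* build with: cc -DUSE_GNUTLS file.c -lgnutls */
#include <gnutls/gnutls.h>

enum peer_verdict verify_peer(gnutls_session_t session, const char *hostname)
{
    unsigned int status = ~0u;  /* poisoned so it never reads as "trusted" */
    enum peer_verdict v;
    int ret;

    if (hostname == NULL)       /* NULL would skip the name comparison */
        return PEER_VERIFY_ERROR;

    ret = gnutls_certificate_verify_peers3(session, hostname, &status);
    v = classify_verify_result(ret, status);

    if (v == PEER_VERIFY_ERROR)
        fprintf(stderr, "verification error: %s\n", gnutls_strerror(ret));
    else if (v == PEER_UNTRUSTED && (status & GNUTLS_CERT_UNEXPECTED_OWNER))
        fprintf(stderr, "certificate does not match %s\n", hostname);
    else if (v == PEER_UNTRUSTED)
        fprintf(stderr, "certificate not trusted (status 0x%x)\n", status);
    return v;
}
#endif
```

       Only PEER_TRUSTED should let the handshake or session continue; a
       caller that tests the return value alone accepts untrusted peers.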

SINCE

       3.1.4

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org

       Copyright © 2001-2018 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification,
       are permitted in any medium without royalty provided the copyright
       notice and this notice are preserved.

SEE ALSO

       The full documentation for gnutls is maintained as a Texinfo manual.
       If the /usr/share/doc/gnutls/ directory does not contain the HTML form
       visit

       http://www.gnutls.org/manual/

gnutls                               3.6.5 gnutls_certificate_verify_peers3(3)