1gnutls_certificate_verify_peers3(3) gnutls gnutls_certificate_verify_peers3(3)
2
3
4

NAME

6       gnutls_certificate_verify_peers3 - API function
7

SYNOPSIS

9       #include <gnutls/gnutls.h>
10
11       int  gnutls_certificate_verify_peers3(gnutls_session_t  session,  const
12       char * hostname, unsigned int * status);
13

ARGUMENTS

15       gnutls_session_t session
16                   is a gnutls session
17
18       const char * hostname
19                   is the expected name of the peer; may be NULL
20
21       unsigned int * status
22                   is the output of the verification
23

DESCRIPTION

25       This function will verify the peer's certificate and store the the sta‐
26       tus  in the  status variable as a bitwise OR of gnutls_certificate_sta‐
27       tus_t values or zero if the certificate is trusted. Note that value  in
28       status  is  set  only when the return value of this function is success
29       (i.e, failure to trust a certificate does not imply a  negative  return
30       value).   The  default  verification flags used by this function can be
31       overridden using gnutls_certificate_set_verify_flags(). See  the  docu‐
32       mentation of gnutls_certificate_verify_peers2() for details in the ver‐
33       ification process.
34
35       This function will take into account the stapled OCSP responses sent by
36       the server, as well as the following X.509 certificate extensions: Name
37       Constraints, Key Usage, and Basic Constraints (pathlen).
38
39       If the  hostname provided is non-NULL then this function  will  compare
40       the  hostname in the certificate against it. The comparison will follow
41       the   RFC6125   recommendations.   If   names   do   not   match    the
42       GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.
43
44       In  order to verify the purpose of the end-certificate (by checking the
45       extended key usage), use gnutls_certificate_verify_peers().
46
47       To avoid denial of service attacks some default upper limits  regarding
48       the  certificate  key size and chain size are set. To override them use
49       gnutls_certificate_set_verify_limits().
50
51       Note that when using raw public-keys verification will not work because
52       there  is  no  corresponding  certificate body belonging to the raw key
53       that  can  be  verified.  In  that  case  this  function  will   return
54       GNUTLS_E_INVALID_REQUEST.
55

RETURNS

57       GNUTLS_E_SUCCESS  (0)  when  the validation is performed, or a negative
58       error code otherwise.  A successful error code means that  the   status
59       parameter must be checked to obtain the validation status.
60

SINCE

62       3.1.4
63

REPORTING BUGS

65       Report bugs to <bugs@gnutls.org>.
66       Home page: https://www.gnutls.org
67
68
70       Copyright © 2001-2020 Free Software Foundation, Inc., and others.
71       Copying  and  distribution  of this file, with or without modification,
72       are permitted in any medium  without  royalty  provided  the  copyright
73       notice and this notice are preserved.
74

SEE ALSO

76       The  full  documentation  for gnutls is maintained as a Texinfo manual.
77       If the /usr/share/doc/gnutls/ directory does not contain the HTML  form
78       visit
79
80       https://www.gnutls.org/manual/
81
82gnutls                              3.6.13 gnutls_certificate_verify_peers3(3)
Impressum