1gnutls_x509_crt_list_verify(3)      gnutls      gnutls_x509_crt_list_verify(3)
2
3
4

NAME

6       gnutls_x509_crt_list_verify - API function
7

SYNOPSIS

9       #include <gnutls/x509.h>
10
11       int  gnutls_x509_crt_list_verify(const  gnutls_x509_crt_t  * cert_list,
12       int  cert_list_length,   const   gnutls_x509_crt_t   *   CA_list,   int
13       CA_list_length,     const    gnutls_x509_crl_t    *    CRL_list,    int
14       CRL_list_length, unsigned int flags, unsigned int * verify);
15

ARGUMENTS

17       const gnutls_x509_crt_t * cert_list
18                   is the certificate list to be verified
19
20       int cert_list_length
21                   holds the number of certificate in cert_list
22
23       const gnutls_x509_crt_t * CA_list
24                   is the CA list which will be used in verification
25
26       int CA_list_length
27                   holds the number of CA certificate in CA_list
28
29       const gnutls_x509_crl_t * CRL_list
30                   holds a list of CRLs.
31
32       int CRL_list_length
33                   the length of CRL list.
34
35       unsigned int flags
36                   Flags that may be used to  change  the  verification  algo‐
37                   rithm.  Use  OR of the gnutls_certificate_verify_flags enu‐
38                   merations.
39
40       unsigned int * verify
41                   will hold the certificate verification output.
42

DESCRIPTION

44       This function will try to verify the given certificate list and  return
45       its  status.  If no flags are specified (0), this function will use the
46       basicConstraints (2.5.29.19) PKIX extension. This  means  that  only  a
47       certificate authority is allowed to sign a certificate.
48
49       You  must  also check the peer's name in order to check if the verified
50       certificate belongs to the actual peer.
51
52       The certificate verification output will be put in verify and  will  be
53       one or more of the gnutls_certificate_status_t enumerated elements bit‐
54       wise   or'd.    For   a   more   detailed   verification   status   use
55       gnutls_x509_crt_verify() per list element.
56

GNUTLS_CERT_INVALID

58       the certificate chain is not valid.
59

GNUTLS_CERT_REVOKED

61       a certificate in the chain has been revoked.
62

RETURNS

64       On  success,  GNUTLS_E_SUCCESS  is returned, otherwise a negative error
65       value.
66

REPORTING BUGS

68       Report   bugs   to    <bug-gnutls@gnu.org>.     GnuTLS    home    page:
69       http://www.gnu.org/software/gnutls/  General  help  using GNU software:
70       http://www.gnu.org/gethelp/
71
73       Copyright © 2008 Free Software Foundation.
74       Copying and distribution of this file, with  or  without  modification,
75       are  permitted  in  any  medium  without royalty provided the copyright
76       notice and this notice are preserved.
77

SEE ALSO

79       The full documentation for gnutls is maintained as  a  Texinfo  manual.
80       If  the  info  and gnutls programs are properly installed at your site,
81       the command
82
83              info gnutls
84
85       should give you access to the complete manual.
86
87
88
89gnutls                             2.12.6.1     gnutls_x509_crt_list_verify(3)
Impressum