gnutls_x509_trust_list_verify_crt2(3)

1gnutls_x509_trust_list_verify_crt2(3)gnutlsgnutls_x509_trust_list_verify_crt2(3)
2
3
4

NAME

6       gnutls_x509_trust_list_verify_crt2 - API function
7

SYNOPSIS

9       #include <gnutls/x509.h>
10
11       int  gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t  list,
12       gnutls_x509_crt_t   *   cert_list,   unsigned    int    cert_list_size,
13       gnutls_typed_vdata_st  *  data,  unsigned  int  elements,  unsigned int
14       flags, unsigned int * voutput, gnutls_verify_output_function func);
15

ARGUMENTS

17       gnutls_x509_trust_list_t list
18                   The structure of the list
19
20       gnutls_x509_crt_t * cert_list
21                   is the certificate list to be verified
22
23       unsigned int cert_list_size
24                   is the certificate list size
25
26       gnutls_typed_vdata_st * data
27                   an array of typed data
28
29       unsigned int elements
30                   the number of data elements
31
32       unsigned int flags
33                   Flags that may be used to  change  the  verification  algo‐
34                   rithm.  Use  OR of the gnutls_certificate_verify_flags enu‐
35                   merations.
36
37       unsigned int * voutput
38                   will hold the certificate verification output.
39
40       gnutls_verify_output_function func
41                   If non-null will be called on each chain element  verifica‐
42                   tion with the output.
43

DESCRIPTION

45       This  function  will try to verify the given certificate and return its
46       status.  The   verify  parameter  will  hold  an  OR'ed   sequence   of
47       gnutls_certificate_status_t flags.
48
49       Additionally  a  certificate verification profile can be specified from
50       the ones in  gnutls_certificate_verification_profiles_t  by  ORing  the
51       result of GNUTLS_PROFILE_TO_VFLAGS() to the verification flags.
52
53       The    acceptable     data   types   are   GNUTLS_DT_DNS_HOSTNAME   and
54       GNUTLS_DT_KEY_PURPOSE_OID.  The former accepts as  data  a  null-termi‐
55       nated  hostname,  and  the  latter  a null-terminated object identifier
56       (e.g., GNUTLS_KP_TLS_WWW_SERVER).  If a DNS hostname is  provided  then
57       this  function will compare the hostname in the certificate against the
58       given. If names do not match  the  GNUTLS_CERT_UNEXPECTED_OWNER  status
59       flag  will  be  set.  If a key purpose OID is provided and the end-cer‐
60       tificate contains the extended key usage PKIX  extension,  it  will  be
61       required  to be have the provided key purpose or be marked for any pur‐
62       pose, otherwise verification  will  fail  with  GNUTLS_CERT_SIGNER_CON‐
63       STRAINTS_FAILURE status.
64

RETURNS

66       On  success,  GNUTLS_E_SUCCESS  [22m(0)  is  returned, otherwise a negative
67       error value. Note that verification failure will not result to an error
68       code, only  voutput will be updated.
69

SINCE

71       3.3.8
72

REPORTING BUGS

74       Report bugs to <bugs@gnutls.org>.
75       Home page: http://www.gnutls.org
76
77

COPYRIGHT

79       Copyright © 2001-2014 Free Software Foundation, Inc..
80       Copying  and  distribution  of this file, with or without modification,
81       are permitted in any medium  without  royalty  provided  the  copyright
82       notice and this notice are preserved.
83