1gnutls_certificate_verify_peers3(3) gnutls gnutls_certificate_verify_peers3(3)
2
3
4
6 gnutls_certificate_verify_peers3 - API function
7
9 #include <gnutls/gnutls.h>
10
11 int gnutls_certificate_verify_peers3(gnutls_session_t session, const
12 char * hostname, unsigned int * status);
13
15 gnutls_session_t session
16 is a gnutls session
17
18 const char * hostname
19 is the expected name of the peer; may be NULL
20
21 unsigned int * status
22 is the output of the verification
23
25 This function will verify the peer's certificate and store the the sta‐
26 tus in the status variable as a bitwise OR of gnutls_certificate_sta‐
27 tus_t values or zero if the certificate is trusted. Note that value in
28 status is set only when the return value of this function is success
29 (i.e, failure to trust a certificate does not imply a negative return
30 value). The default verification flags used by this function can be
31 overridden using gnutls_certificate_set_verify_flags(). See the docu‐
32 mentation of gnutls_certificate_verify_peers2() for details in the ver‐
33 ification process.
34
35 This function will take into account the stapled OCSP responses sent by
36 the server, as well as the following X.509 certificate extensions: Name
37 Constraints, Key Usage, and Basic Constraints (pathlen).
38
39 If the hostname provided is non-NULL then this function will compare
40 the hostname in the certificate against it. The comparison will follow
41 the RFC6125 recommendations. If names do not match the GNUTLS_CERT_UN‐
42 EXPECTED_OWNER status flag will be set.
43
44 In order to verify the purpose of the end-certificate (by checking the
45 extended key usage), use gnutls_certificate_verify_peers().
46
47 To avoid denial of service attacks some default upper limits regarding
48 the certificate key size and chain size are set. To override them use
49 gnutls_certificate_set_verify_limits().
50
51 Note that when using raw public-keys verification will not work because
52 there is no corresponding certificate body belonging to the raw key
53 that can be verified. In that case this function will return
54 GNUTLS_E_INVALID_REQUEST.
55
57 GNUTLS_E_SUCCESS [22m(0) when the validation is performed, or a negative
58 error code otherwise. A successful error code means that the status
59 parameter must be checked to obtain the validation status.
60
62 3.1.4
63
65 Report bugs to <bugs@gnutls.org>.
66 Home page: https://www.gnutls.org
67
68
70 Copyright © 2001- Free Software Foundation, Inc., and others.
71 Copying and distribution of this file, with or without modification,
72 are permitted in any medium without royalty provided the copyright no‐
73 tice and this notice are preserved.
74
76 The full documentation for gnutls is maintained as a Texinfo manual.
77 If the /usr/share/doc/gnutls/ directory does not contain the HTML form
78 visit
79
80 https://www.gnutls.org/manual/
81
82gnutls 3.7.2 gnutls_certificate_verify_peers3(3)