1gnutls_x509_crt_list_verify(3)      gnutls      gnutls_x509_crt_list_verify(3)
2
3
4

NAME

6       gnutls_x509_crt_list_verify - This function verifies the given certifi‐
7       cate list
8

SYNOPSIS

10       #include <gnutls/x509.h>
11
12       int gnutls_x509_crt_list_verify(const  gnutls_x509_crt_t  *  cert_list,
13       int   cert_list_length,   const   gnutls_x509_crt_t   *   CA_list,  int
14       CA_list_length,    const    gnutls_x509_crl_t    *    CRL_list,     int
15       CRL_list_length, unsigned int flags, unsigned int * verify);
16

ARGUMENTS

18       const gnutls_x509_crt_t * cert_list
19                   is the certificate list to be verified
20
21       int cert_list_length
22                   holds the number of certificate in cert_list
23
24       const gnutls_x509_crt_t * CA_list
25                   is the CA list which will be used in verification
26
27       int CA_list_length
28                   holds the number of CA certificate in CA_list
29
30       const gnutls_x509_crl_t * CRL_list
31                   holds a list of CRLs.
32
33       int CRL_list_length
34                   the length of CRL list.
35
36       unsigned int flags
37                   Flags  that  may  be  used to change the verification algo‐
38                   rithm. Use OR of the  gnutls_certificate_verify_flags  enu‐
39                   merations.
40
41       unsigned int * verify
42                   will hold the certificate verification output.
43

DESCRIPTION

45       This  function will try to verify the given certificate list and return
46       its status.  Note that expiration and activation dates are not  checked
47       by  this  function,  you  should check them using the appropriate func‐
48       tions.
49
50       If no flags are specified  (0),  this  function  will  use  the  basic‐
51       Constraints (2.5.29.19) PKIX extension. This means that only a certifi‐
52       cate authority is allowed to sign a certificate.
53
54       You must also check the peer's name in order to check if  the  verified
55       certificate belongs to the actual peer.
56
57       The  certificate  verification output will be put in verify and will be
58       one or more of the gnutls_certificate_status_t enumerated elements bit‐
59       wise   or'd.    For   a   more   detailed   verification   status   use
60       gnutls_x509_crt_verify() per list element.
61

GNUTLS_CERT_INVALID

63       the certificate chain is not valid.
64

GNUTLS_CERT_REVOKED

66       a certificate in the chain has been revoked.
67
68       Returns 0 on success and a negative value in case of an error.
69

REPORTING BUGS

71       Report bugs to <bug-gnutls@gnu.org>.
72

74       Copyright © 2006 Free Software Foundation.
75       Permission is granted to make and distribute verbatim  copies  of  this
76       manual  provided  the  copyright  notice and this permission notice are
77       preserved on all copies.
78

SEE ALSO

80       The full documentation for gnutls is maintained as  a  Texinfo  manual.
81       If  the  info  and gnutls programs are properly installed at your site,
82       the command
83
84              info gnutls
85
86       should give you access to the complete manual.
87
88
89
90gnutls                               1.6.3      gnutls_x509_crt_list_verify(3)
Impressum