1gnutls_certificate_verify_peers2(3) gnutls gnutls_certificate_verify_peers2(3)
2
6 gnutls_certificate_verify_peers2 - This function returns the peer's
7 certificate verification status
8
10 #include <gnutls/gnutls.h>
11 int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned
13 int * status);
14
16 gnutls_session_t session
17 is a gnutls session
18 unsigned int * status
20 is the output of the verification
21
23 This function will try to verify the peer's certificate and return its
24 status (trusted, invalid etc.). The value of status should be one or
25 more of the gnutls_certificate_status_t enumerated elements bitwise
26 or'd. To avoid denial of service attacks some default upper limits
27 regarding the certificate key size and chain size are set. To override
28 them use gnutls_certificate_set_verify_limits().
29 Note that you must also check the peer's name in order to check if the
31 verified certificate belongs to the actual peer.
32 Returns a negative error code on error and zero on success.
34 This is the same as gnutls_x509_verify_certificate() and uses the
36 loaded CAs in the credentials as trusted CAs.
37 Note that some commonly used X.509 Certificate Authorities are still
39 using Version 1 certificates. If you want to accept them, you need to
40 call gnutls_certificate_set_verify_flags() with, e.g., GNUTLS_VER‐
41 IFY_ALLOW_X509_V1_CA_CRT parameter.
42
44 Report bugs to <bug-gnutls@gnu.org>.
45
47 Copyright © 2006 Free Software Foundation.
48 Permission is granted to make and distribute verbatim copies of this
49 manual provided the copyright notice and this permission notice are
50 preserved on all copies.
51
53 The full documentation for gnutls is maintained as a Texinfo manual.
54 If the info and gnutls programs are properly installed at your site,
55 the command
56 info gnutls
58 should give you access to the complete manual.
60gnutls 1.6.3 gnutls_certificate_verify_peers2(3)