gnutls_certificate_verify_peers — API function
#include <gnutls/gnutls.h>
int
gnutls_certificate_verify_peers( |
gnutls_session_t session, |
| gnutls_typed_vdata_st * data, | |
| unsigned int elements, | |
unsigned int * status); |
is a gnutls session
an array of typed data
the number of data elements
is the output of the verification
This function will verify the peer's certificate and store
the status in the status variable as a bitwise
or'd gnutls_certificate_status_t values or zero if the
certificate is trusted. Note that value in status is set only when the
return value of this function is success (i.e, failure to
trust a certificate does not imply a negative return value).
The default verification flags used by this function can be
overriden using gnutls_certificate_set_verify_flags(). See
the documentation of gnutls_certificate_verify_peers2() for
details in the verification process.
The acceptable data types are GNUTLS_DT_DNS_HOSTNAME and GNUTLS_DT_KEY_PURPOSE_OID. If a DNS
hostname is provided then this function will compare the
hostname in the certificate against the given. The comparison
will be accurate for ascii names; non−ascii names are
compared byte−by−byte. If names do not match the
GNUTLS_CERT_UNEXPECTED_OWNER
status flag will be set.
If a key purpose OID is provided and the
end−certificate contains the extended key usage PKIX
extension, it will be required to be have the provided key
purpose (e.g., GNUTLS_KP_TLS_WWW_SERVER), or be marked for
any purpose, otherwise verification will fail with
GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE
status.
The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit
| COPYRIGHT |
|---|
|
Copyright © 2001-2014 Free Software Foundation, Inc.. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. |