NAME


gnutls_x509_crt_list_verify - This function verifies the given certificate list

SYNOPSIS


#include <gnutls/x509.h>

int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, int cert_list_length, const gnutls_x509_crt_t * CA_list, int CA_list_length, const gnutls_x509_crl_t * CRL_list, int CRL_list_length, unsigned int flags, unsigned int * verify);

ARGUMENTS


const gnutls_x509_crt_t * cert_list is the certificate list to be verified
int cert_list_length holds the number of certificate in cert_list
const gnutls_x509_crt_t * CA_list is the CA list which will be used in verification
int CA_list_length holds the number of CA certificate in CA_list
const gnutls_x509_crl_t * CRL_list holds a list of CRLs.
int CRL_list_length the length of CRL list.
unsigned int flags Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
unsigned int * verify will hold the certificate verification output.

DESCRIPTION


This function will try to verify the given certificate list and return its status. Note that expiration and activation dates are not checked by this function, you should check them using the appropriate functions.

If no flags are specified (0), this function will use the basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate authority is allowed to sign a certificate.

You must also check the peer’s name in order to check if the verified certificate belongs to the actual peer.

The certificate verification output will be put in verify and will be one or more of the gnutls_certificate_status_t enumerated elements bitwise or’d. For a more detailed verification status use gnutls_x509_crt_verify() per list element.

GNUTLS_CERT_INVALID


the certificate chain is not valid.

GNUTLS_CERT_REVOKED


a certificate in the chain has been revoked.

RETURNS


On success, GNUTLS_E_SUCCESS is returned, otherwise a negative error value.and a negative value in case of an error.

REPORTING BUGS


Report bugs to <bug-gnutls@gnu.org>.

COPYRIGHT


Copyright © 2008 Free Software Foundation. Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies.

SEE ALSO


The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual.

openSUSE Logo

Contents