<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>GcrCertificateChain: Gcr Library Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets Vsnapshot">
<link rel="home" href="index.html" title="Gcr Library Reference Manual">
<link rel="up" href="certificates.html" title="Part I. Certificates">
<link rel="prev" href="GcrPkcs11Certificate.html" title="GcrPkcs11Certificate">
<link rel="next" href="gcr-GcrCertificateRequest.html" title="GcrCertificateRequest">
<meta name="generator" content="GTK-Doc V1.27.1 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts">
<a href="#" class="shortcut">Top</a><span id="nav_description"> <span class="dim">|</span>
<a href="#GcrCertificateChain.description" class="shortcut">Description</a></span><span id="nav_hierarchy"> <span class="dim">|</span>
<a href="#GcrCertificateChain.object-hierarchy" class="shortcut">Object Hierarchy</a></span><span id="nav_properties"> <span class="dim">|</span>
<a href="#GcrCertificateChain.properties" class="shortcut">Properties</a></span>
</td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="certificates.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="GcrPkcs11Certificate.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="gcr-GcrCertificateRequest.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="GcrCertificateChain"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle"><a name="GcrCertificateChain.top_of_page"></a>GcrCertificateChain</span></h2>
<p>GcrCertificateChain — A certificate chain</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="GcrCertificateChain.functions"></a><h2>Functions</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="functions_return">
<col class="functions_name">
</colgroup>
<tbody>
<tr>
<td class="function_type">
<a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="returnvalue">GcrCertificateChain</span></a> *
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-new" title="gcr_certificate_chain_new ()">gcr_certificate_chain_new</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">void</span>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-add" title="gcr_certificate_chain_add ()">gcr_certificate_chain_add</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-certificate" title="gcr_certificate_chain_get_certificate ()">gcr_certificate_chain_get_certificate</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="returnvalue">GcrCertificateChainStatus</span></a>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-status" title="gcr_certificate_chain_get_status ()">gcr_certificate_chain_get_status</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-anchor" title="gcr_certificate_chain_get_anchor ()">gcr_certificate_chain_get_anchor</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-endpoint" title="gcr_certificate_chain_get_endpoint ()">gcr_certificate_chain_get_endpoint</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">guint</span>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-length" title="gcr_certificate_chain_get_length ()">gcr_certificate_chain_get_length</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gboolean</span>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build" title="gcr_certificate_chain_build ()">gcr_certificate_chain_build</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">void</span>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build-async" title="gcr_certificate_chain_build_async ()">gcr_certificate_chain_build_async</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gboolean</span>
</td>
<td class="function_name">
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build-finish" title="gcr_certificate_chain_build_finish ()">gcr_certificate_chain_build_finish</a> <span class="c_punctuation">()</span>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.properties"></a><h2>Properties</h2>
<div class="informaltable"><table class="informaltable" border="0">
<colgroup>
<col width="150px" class="properties_type">
<col width="300px" class="properties_name">
<col width="200px" class="properties_flags">
</colgroup>
<tbody>
<tr>
<td class="property_type"><span class="type">guint</span></td>
<td class="property_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChain--length" title="The “length” property">length</a></td>
<td class="property_flags">Read</td>
</tr>
<tr>
<td class="property_type"><a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="type">GcrCertificateChainStatus</span></a></td>
<td class="property_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChain--status" title="The “status” property">status</a></td>
<td class="property_flags">Read</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.other"></a><h2>Types and Values</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="name">
<col class="description">
</colgroup>
<tbody>
<tr>
<td class="datatype_keyword">struct</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChain-struct" title="struct GcrCertificateChain">GcrCertificateChain</a></td>
</tr>
<tr>
<td class="datatype_keyword">struct</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChainClass" title="struct GcrCertificateChainClass">GcrCertificateChainClass</a></td>
</tr>
<tr>
<td class="datatype_keyword">enum</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus">GcrCertificateChainStatus</a></td>
</tr>
<tr>
<td class="datatype_keyword">enum</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GcrCertificateChainFlags" title="enum GcrCertificateChainFlags">GcrCertificateChainFlags</a></td>
</tr>
<tr>
<td class="define_keyword">#define</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GCR-TYPE-CERTIFICATE-CHAIN-FLAGS:CAPS" title="GCR_TYPE_CERTIFICATE_CHAIN_FLAGS">GCR_TYPE_CERTIFICATE_CHAIN_FLAGS</a></td>
</tr>
<tr>
<td class="define_keyword">#define</td>
<td class="function_name"><a class="link" href="GcrCertificateChain.html#GCR-TYPE-CERTIFICATE-CHAIN-STATUS:CAPS" title="GCR_TYPE_CERTIFICATE_CHAIN_STATUS">GCR_TYPE_CERTIFICATE_CHAIN_STATUS</a></td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.object-hierarchy"></a><h2>Object Hierarchy</h2>
<pre class="screen"> GObject
<span class="lineart">╰──</span> GcrCertificateChain
</pre>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.description"></a><h2>Description</h2>
<p><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> represents a chain of certificates, normally used to
validate the trust in a certificate. An X.509 certificate chain has one
endpoint certificate (the one for which trust is being verified) and then
in turn the certificate that issued each previous certificate in the chain.</p>
<p>This functionality is for building of certificate chains not for validating
them. Use your favorite crypto library to validate trust in a certificate
chain once its built.</p>
<p>The order of certificates in the chain should be first the endpoint
certificates and then the signing certificates.</p>
<p>Create a new certificate chain with <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-new" title="gcr_certificate_chain_new ()"><code class="function">gcr_certificate_chain_new()</code></a> and then
add the certificates with <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-add" title="gcr_certificate_chain_add ()"><code class="function">gcr_certificate_chain_add()</code></a>.</p>
<p>You can then use <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build" title="gcr_certificate_chain_build ()"><code class="function">gcr_certificate_chain_build()</code></a> to build the remainder of
the chain. This will lookup missing certificates in PKCS#11 modules and
also check that each certificate in the chain is the signer of the previous
one. If a trust anchor, pinned certificate, or self-signed certificate is
found, then the chain is considered built. Any extra certificates are
removed from the chain.</p>
<p>Once the certificate chain has been built, you can access its status
through <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-get-status" title="gcr_certificate_chain_get_status ()"><code class="function">gcr_certificate_chain_get_status()</code></a>. The status signifies whether
the chain is anchored on a trust root, self-signed, incomplete etc. See
<a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="type">GcrCertificateChainStatus</span></a> for information on the various statuses.</p>
<p>It's important to understand that the building of a certificate chain is
merely the first step towards verifying trust in a certificate.</p>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.functions_details"></a><h2>Functions</h2>
<div class="refsect2">
<a name="gcr-certificate-chain-new"></a><h3>gcr_certificate_chain_new ()</h3>
<pre class="programlisting"><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="returnvalue">GcrCertificateChain</span></a> *
gcr_certificate_chain_new (<em class="parameter"><code><span class="type">void</span></code></em>);</pre>
<p>Create a new <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a>.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-new.returns"></a><h4>Returns</h4>
<p>a newly allocated certificate chain. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-add"></a><h3>gcr_certificate_chain_add ()</h3>
<pre class="programlisting"><span class="returnvalue">void</span>
gcr_certificate_chain_add (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>,
<em class="parameter"><code><a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="type">GcrCertificate</span></a> *certificate</code></em>);</pre>
<p>Add <em class="parameter"><code>certificate</code></em>
to the chain. The order of certificates in the chain are
important. The first certificate should be the endpoint certificate, and
then come the signers (certificate authorities) each in turn. If a root
certificate authority is present, it should come last.</p>
<p>Adding a certificate an already built chain (see
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build" title="gcr_certificate_chain_build ()"><code class="function">gcr_certificate_chain_build()</code></a>) resets the type of the certificate chain
to <a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-UNKNOWN:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_UNKNOWN</code></a></p>
<div class="refsect3">
<a name="gcr-certificate-chain-add.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>certificate</p></td>
<td class="parameter_description"><p>a <a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="type">GcrCertificate</span></a> to add to the chain</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-get-certificate"></a><h3>gcr_certificate_chain_get_certificate ()</h3>
<pre class="programlisting"><a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
gcr_certificate_chain_get_certificate (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>,
<em class="parameter"><code><span class="type">guint</span> index</code></em>);</pre>
<p>Get a certificate in the chain. It is an error to call this function
with an invalid index.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-get-certificate.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>index</p></td>
<td class="parameter_description"><p>index of the certificate to get</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-get-certificate.returns"></a><h4>Returns</h4>
<p>the certificate. </p>
<p><span class="annotation">[<acronym title="Don't free data after the code is done."><span class="acronym">transfer none</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-get-status"></a><h3>gcr_certificate_chain_get_status ()</h3>
<pre class="programlisting"><a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="returnvalue">GcrCertificateChainStatus</span></a>
gcr_certificate_chain_get_status (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>);</pre>
<p>Get the status of a certificate chain. If the certificate chain has not
been built, then the status will be <a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-UNKNOWN:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_UNKNOWN</code></a>.</p>
<p>A status of <a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-ANCHORED:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_ANCHORED</code></a> does not mean that the
certificate chain has been verified, but merely that an anchor has been
found.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-get-status.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-get-status.returns"></a><h4>Returns</h4>
<p> the status of the certificate chain.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-get-anchor"></a><h3>gcr_certificate_chain_get_anchor ()</h3>
<pre class="programlisting"><a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
gcr_certificate_chain_get_anchor (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>);</pre>
<p>If the certificate chain has been built and is of status
<a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-ANCHORED:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_ANCHORED</code></a>, then this will return the anchor
certificate that was found. This is not necessarily a root certificate
authority. If an intermediate certificate authority in the chain was
found to be anchored, then that certificate will be returned.</p>
<p>If an anchor is returned it does not mean that the certificate chain has
been verified, but merely that an anchor has been found.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-get-anchor.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-get-anchor.returns"></a><h4>Returns</h4>
<p>the anchor certificate, or NULL if not anchored. </p>
<p><span class="annotation">[<acronym title="Don't free data after the code is done."><span class="acronym">transfer none</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-get-endpoint"></a><h3>gcr_certificate_chain_get_endpoint ()</h3>
<pre class="programlisting"><a class="link" href="GcrCertificate.html" title="GcrCertificate"><span class="returnvalue">GcrCertificate</span></a> *
gcr_certificate_chain_get_endpoint (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>);</pre>
<p>Get the endpoint certificate in the chain. This is always the first
certificate in the chain. The endpoint certificate cannot be anchored.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-get-endpoint.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-get-endpoint.returns"></a><h4>Returns</h4>
<p>the endpoint certificate, or <code class="literal">NULL</code> if the chain
is empty. </p>
<p><span class="annotation">[<acronym title="Don't free data after the code is done."><span class="acronym">transfer none</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-get-length"></a><h3>gcr_certificate_chain_get_length ()</h3>
<pre class="programlisting"><span class="returnvalue">guint</span>
gcr_certificate_chain_get_length (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>);</pre>
<p>Get the length of the certificate chain.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-get-length.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-get-length.returns"></a><h4>Returns</h4>
<p> the length of the certificate chain</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-build"></a><h3>gcr_certificate_chain_build ()</h3>
<pre class="programlisting"><span class="returnvalue">gboolean</span>
gcr_certificate_chain_build (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>,
<em class="parameter"><code>const <span class="type">gchar</span> *purpose</code></em>,
<em class="parameter"><code>const <span class="type">gchar</span> *peer</code></em>,
<em class="parameter"><code><a class="link" href="GcrCertificateChain.html#GcrCertificateChainFlags" title="enum GcrCertificateChainFlags"><span class="type">GcrCertificateChainFlags</span></a> flags</code></em>,
<em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
<em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
<p>Complete a certificate chain. Once a certificate chain has been built
its status can be examined.</p>
<p>This operation will lookup missing certificates in PKCS#11
modules and also that each certificate in the chain is the signer of the
previous one. If a trust anchor, pinned certificate, or self-signed certificate
is found, then the chain is considered built. Any extra certificates are
removed from the chain.</p>
<p>It's important to understand that building of a certificate chain does not
constitute verifying that chain. This is merely the first step towards
trust verification.</p>
<p>The <em class="parameter"><code>purpose</code></em>
is a string like <a class="link" href="gcr-Trust-Storage-and-Lookups.html#GCR-PURPOSE-CLIENT-AUTH:CAPS" title="GCR_PURPOSE_CLIENT_AUTH"><code class="literal">GCR_PURPOSE_CLIENT_AUTH</code></a> and is the purpose
for which the certificate chain will be used. Trust anchors are looked up
for this purpose. This argument is required.</p>
<p>The <em class="parameter"><code>peer</code></em>
is usually the host name of the peer whith which this certificate
chain is being used. It is used to look up pinned certificates that have
been stored for this peer. If <code class="literal">NULL</code> then no pinned certificates will
be considered.</p>
<p>If the <a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-NO-LOOKUPS:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_NO_LOOKUPS</code></a> flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11</p>
<p>This call will block, see <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build-async" title="gcr_certificate_chain_build_async ()"><code class="function">gcr_certificate_chain_build_async()</code></a> for the
asynchronous version.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-build.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>purpose</p></td>
<td class="parameter_description"><p>the purpose the certificate chain will be used for</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>peer</p></td>
<td class="parameter_description"><p>the peer the certificate chain will be used with, or <code class="literal">NULL</code>. </p></td>
<td class="parameter_annotations"><span class="annotation">[<acronym title="NULL is OK, both for passing and for returning."><span class="acronym">allow-none</span></acronym>]</span></td>
</tr>
<tr>
<td class="parameter_name"><p>flags</p></td>
<td class="parameter_description"><p>chain completion flags</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>cancellable</p></td>
<td class="parameter_description"><p>a <span class="type">GCancellable</span> or <code class="literal">NULL</code></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>error</p></td>
<td class="parameter_description"><p>a <span class="type">GError</span> or <code class="literal">NULL</code></p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-build.returns"></a><h4>Returns</h4>
<p> whether the operation completed successfully</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-build-async"></a><h3>gcr_certificate_chain_build_async ()</h3>
<pre class="programlisting"><span class="returnvalue">void</span>
gcr_certificate_chain_build_async (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>,
<em class="parameter"><code>const <span class="type">gchar</span> *purpose</code></em>,
<em class="parameter"><code>const <span class="type">gchar</span> *peer</code></em>,
<em class="parameter"><code><a class="link" href="GcrCertificateChain.html#GcrCertificateChainFlags" title="enum GcrCertificateChainFlags"><span class="type">GcrCertificateChainFlags</span></a> flags</code></em>,
<em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
<em class="parameter"><code><span class="type">GAsyncReadyCallback</span> callback</code></em>,
<em class="parameter"><code><span class="type">gpointer</span> user_data</code></em>);</pre>
<p>Complete a certificate chain. Once a certificate chain has been built
its status can be examined.</p>
<p>This will lookup missing certificates in PKCS#11
modules and also that each certificate in the chain is the signer of the
previous one. If a trust anchor, pinned certificate, or self-signed certificate
is found, then the chain is considered built. Any extra certificates are
removed from the chain.</p>
<p>It's important to understand that building of a certificate chain does not
constitute verifying that chain. This is merely the first step towards
trust verification.</p>
<p>The <em class="parameter"><code>purpose</code></em>
is a string like <a class="link" href="gcr-Trust-Storage-and-Lookups.html#GCR-PURPOSE-CLIENT-AUTH:CAPS" title="GCR_PURPOSE_CLIENT_AUTH"><code class="literal">GCR_PURPOSE_CLIENT_AUTH</code></a> and is the purpose
for which the certificate chain will be used. Trust anchors are looked up
for this purpose. This argument is required.</p>
<p>The <em class="parameter"><code>peer</code></em>
is usually the host name of the peer whith which this certificate
chain is being used. It is used to look up pinned certificates that have
been stored for this peer. If <code class="literal">NULL</code> then no pinned certificates will
be considered.</p>
<p>If the <a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-NO-LOOKUPS:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_NO_LOOKUPS</code></a> flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11</p>
<p>When the operation is finished, <em class="parameter"><code>callback</code></em>
will be called. You can then call
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build-finish" title="gcr_certificate_chain_build_finish ()"><code class="function">gcr_certificate_chain_build_finish()</code></a> to get the result of the operation.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-build-async.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>purpose</p></td>
<td class="parameter_description"><p>the purpose the certificate chain will be used for</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>peer</p></td>
<td class="parameter_description"><p>the peer the certificate chain will be used with, or <code class="literal">NULL</code>. </p></td>
<td class="parameter_annotations"><span class="annotation">[<acronym title="NULL is OK, both for passing and for returning."><span class="acronym">allow-none</span></acronym>]</span></td>
</tr>
<tr>
<td class="parameter_name"><p>flags</p></td>
<td class="parameter_description"><p>chain completion flags</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>cancellable</p></td>
<td class="parameter_description"><p>a <span class="type">GCancellable</span> or <code class="literal">NULL</code></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>callback</p></td>
<td class="parameter_description"><p>this will be called when the operation completes.</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>user_data</p></td>
<td class="parameter_description"><p>data to pass to the callback</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="gcr-certificate-chain-build-finish"></a><h3>gcr_certificate_chain_build_finish ()</h3>
<pre class="programlisting"><span class="returnvalue">gboolean</span>
gcr_certificate_chain_build_finish (<em class="parameter"><code><a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a> *self</code></em>,
<em class="parameter"><code><span class="type">GAsyncResult</span> *result</code></em>,
<em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
<p>Finishes an asynchronous operation started by
<a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build-async" title="gcr_certificate_chain_build_async ()"><code class="function">gcr_certificate_chain_build_async()</code></a>.</p>
<div class="refsect3">
<a name="gcr-certificate-chain-build-finish.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>self</p></td>
<td class="parameter_description"><p>the <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>result</p></td>
<td class="parameter_description"><p>the <span class="type">GAsyncResult</span> passed to the callback</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>error</p></td>
<td class="parameter_description"><p>a <span class="type">GError</span>, or NULL</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="gcr-certificate-chain-build-finish.returns"></a><h4>Returns</h4>
<p> whether the operation succeeded</p>
</div>
</div>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.other_details"></a><h2>Types and Values</h2>
<div class="refsect2">
<a name="GcrCertificateChain-struct"></a><h3>struct GcrCertificateChain</h3>
<pre class="programlisting">struct GcrCertificateChain;</pre>
<p>A chain of certificates.</p>
</div>
<hr>
<div class="refsect2">
<a name="GcrCertificateChainClass"></a><h3>struct GcrCertificateChainClass</h3>
<pre class="programlisting">struct GcrCertificateChainClass {
GObjectClass parent_class;
};
</pre>
<p>The class for <a class="link" href="GcrCertificateChain.html" title="GcrCertificateChain"><span class="type">GcrCertificateChain</span></a>.</p>
<div class="refsect3">
<a name="GcrCertificateChainClass.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="300px" class="struct_members_name">
<col class="struct_members_description">
<col width="200px" class="struct_members_annotations">
</colgroup>
<tbody></tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="GcrCertificateChainStatus"></a><h3>enum GcrCertificateChainStatus</h3>
<p>The status of a built certificate chain. Will be set to
<a class="link" href="GcrCertificateChain.html#GCR-CERTIFICATE-CHAIN-UNKNOWN:CAPS"><code class="literal">GCR_CERTIFICATE_CHAIN_UNKNOWN</code></a> for certificate chains that have not been
built.</p>
<div class="refsect3">
<a name="GcrCertificateChainStatus.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="300px" class="enum_members_name">
<col class="enum_members_description">
<col width="200px" class="enum_members_annotations">
</colgroup>
<tbody>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-UNKNOWN:CAPS"></a>GCR_CERTIFICATE_CHAIN_UNKNOWN</p></td>
<td class="enum_member_description">
<p>The certificate chain's status is unknown.
When a chain is not yet built it has this status. If a chain is modified after
being built, it has this status.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-INCOMPLETE:CAPS"></a>GCR_CERTIFICATE_CHAIN_INCOMPLETE</p></td>
<td class="enum_member_description">
<p>A full chain could not be loaded. The
chain does not end with a self-signed certificate, a trusted anchor, or a
pinned certificate.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-DISTRUSTED:CAPS"></a>GCR_CERTIFICATE_CHAIN_DISTRUSTED</p></td>
<td class="enum_member_description">
<p>The certificate chain contains a revoked
or otherwise explicitly distrusted certificate. The entire chain should
be distrusted.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-SELFSIGNED:CAPS"></a>GCR_CERTIFICATE_CHAIN_SELFSIGNED</p></td>
<td class="enum_member_description">
<p>The chain ends with a self-signed
certificate. No trust anchor was found.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-PINNED:CAPS"></a>GCR_CERTIFICATE_CHAIN_PINNED</p></td>
<td class="enum_member_description">
<p>The chain represents a pinned certificate. A
pinned certificate is an exception which trusts a given certificate
explicitly for a purpose and communication with a certain peer.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-ANCHORED:CAPS"></a>GCR_CERTIFICATE_CHAIN_ANCHORED</p></td>
<td class="enum_member_description">
<p>The chain ends with an anchored
certificate. The anchored certificate is not necessarily self-signed.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="GcrCertificateChainFlags"></a><h3>enum GcrCertificateChainFlags</h3>
<p>Flags to be used with the <a class="link" href="GcrCertificateChain.html#gcr-certificate-chain-build" title="gcr_certificate_chain_build ()"><code class="function">gcr_certificate_chain_build()</code></a> operation.</p>
<div class="refsect3">
<a name="GcrCertificateChainFlags.members"></a><h4>Members</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="300px" class="enum_members_name">
<col class="enum_members_description">
<col width="200px" class="enum_members_annotations">
</colgroup>
<tbody>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-NONE:CAPS"></a>GCR_CERTIFICATE_CHAIN_NONE</p></td>
<td class="enum_member_description">
<p>no flags</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
<tr>
<td class="enum_member_name"><p><a name="GCR-CERTIFICATE-CHAIN-NO-LOOKUPS:CAPS"></a>GCR_CERTIFICATE_CHAIN_NO_LOOKUPS</p></td>
<td class="enum_member_description">
<p>If this flag is specified then no
lookups for anchors or pinned certificates are done, and the resulting chain
will be neither anchored or pinned. Additionally no missing certificate
authorities are looked up in PKCS#11.</p>
</td>
<td class="enum_member_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="GCR-TYPE-CERTIFICATE-CHAIN-FLAGS:CAPS"></a><h3>GCR_TYPE_CERTIFICATE_CHAIN_FLAGS</h3>
<pre class="programlisting">#define GCR_TYPE_CERTIFICATE_CHAIN_FLAGS (gcr_certificate_chain_flags_get_type ())
</pre>
<p>The flags <span class="type">GType</span> for <a class="link" href="GcrCertificateChain.html#GcrCertificateChainFlags" title="enum GcrCertificateChainFlags"><span class="type">GcrCertificateChainFlags</span></a>.</p>
</div>
<hr>
<div class="refsect2">
<a name="GCR-TYPE-CERTIFICATE-CHAIN-STATUS:CAPS"></a><h3>GCR_TYPE_CERTIFICATE_CHAIN_STATUS</h3>
<pre class="programlisting">#define GCR_TYPE_CERTIFICATE_CHAIN_STATUS (gcr_certificate_chain_status_get_type ())
</pre>
<p>The enum <span class="type">GType</span> for <a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="type">GcrCertificateChainStatus</span></a>.</p>
</div>
</div>
<div class="refsect1">
<a name="GcrCertificateChain.property-details"></a><h2>Property Details</h2>
<div class="refsect2">
<a name="GcrCertificateChain--length"></a><h3>The <code class="literal">“length”</code> property</h3>
<pre class="programlisting"> “length” <span class="type">guint</span></pre>
<p>The length of the certificate chain.</p>
<p>Flags: Read</p>
<p>Default value: 0</p>
</div>
<hr>
<div class="refsect2">
<a name="GcrCertificateChain--status"></a><h3>The <code class="literal">“status”</code> property</h3>
<pre class="programlisting"> “status” <a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="type">GcrCertificateChainStatus</span></a></pre>
<p>The certificate chain status. See <a class="link" href="GcrCertificateChain.html#GcrCertificateChainStatus" title="enum GcrCertificateChainStatus"><span class="type">GcrCertificateChainStatus</span></a></p>
<p>Flags: Read</p>
<p>Default value: GCR_CERTIFICATE_CHAIN_UNKNOWN</p>
</div>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.27.1</div>
</body>
</html>