|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
@c gnutls_certificate_status_t
|
|
Packit |
aea12f |
@table @code
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-INVALID
|
|
Packit |
aea12f |
The certificate is not signed by one of the
|
|
Packit |
aea12f |
known authorities or the signature is invalid (deprecated by the flags
|
|
Packit |
aea12f |
@code{GNUTLS_CERT_SIGNATURE_FAILURE} and @code{GNUTLS_CERT_SIGNER_NOT_FOUND} ).
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-REVOKED
|
|
Packit |
aea12f |
Certificate is revoked by its authority. In X.509 this will be
|
|
Packit |
aea12f |
set only if CRLs are checked.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-FOUND
|
|
Packit |
aea12f |
The certificate's issuer is not known.
|
|
Packit |
aea12f |
This is the case if the issuer is not included in the trusted certificate list.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-CA
|
|
Packit |
aea12f |
The certificate's signer was not a CA. This
|
|
Packit |
aea12f |
may happen if this was a version 1 certificate, which is common with
|
|
Packit |
aea12f |
some CAs, or a version 3 certificate without the basic constrains extension.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-INSECURE_@-ALGORITHM
|
|
Packit |
aea12f |
The certificate was signed using an insecure
|
|
Packit |
aea12f |
algorithm such as MD2 or MD5. These algorithms have been broken and
|
|
Packit |
aea12f |
should not be trusted.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-NOT_@-ACTIVATED
|
|
Packit |
aea12f |
The certificate is not yet activated.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-EXPIRED
|
|
Packit |
aea12f |
The certificate has expired.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-SIGNATURE_@-FAILURE
|
|
Packit |
aea12f |
The signature verification failed.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-SUPERSEDED
|
|
Packit |
aea12f |
The revocation data are old and have been superseded.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-UNEXPECTED_@-OWNER
|
|
Packit |
aea12f |
The owner is not the expected one.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-ISSUED_@-IN_@-FUTURE
|
|
Packit |
aea12f |
The revocation data have a future issue date.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-SIGNER_@-CONSTRAINTS_@-FAILURE
|
|
Packit |
aea12f |
The certificate's signer constraints were
|
|
Packit |
aea12f |
violated.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-MISMATCH
|
|
Packit |
aea12f |
The certificate presented isn't the expected one (TOFU)
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH
|
|
Packit |
aea12f |
The certificate or an intermediate does not match the intended purpose (extended key usage).
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-MISSING_@-OCSP_@-STATUS
|
|
Packit |
aea12f |
The certificate requires the server to send the certifiate status, but no status was received.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-INVALID_@-OCSP_@-STATUS
|
|
Packit |
aea12f |
The received OCSP status response is invalid.
|
|
Packit |
aea12f |
@item GNUTLS_@-CERT_@-UNKNOWN_@-CRIT_@-EXTENSIONS
|
|
Packit |
aea12f |
The certificate has extensions marked as critical which are not supported.
|
|
Packit |
aea12f |
@end table
|