|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags})
|
|
Packit Service |
4684c1 |
@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Verify signature of the Basic OCSP Response against the public key
|
|
Packit Service |
4684c1 |
in the certificate of a trusted signer. The @code{trustlist} should be
|
|
Packit Service |
4684c1 |
populated with trust anchors. The function will extract the signer
|
|
Packit Service |
4684c1 |
certificate from the Basic OCSP Response and will verify it against
|
|
Packit Service |
4684c1 |
the @code{trustlist} . A trusted signer is a certificate that is either
|
|
Packit Service |
4684c1 |
in @code{trustlist} , or it is signed directly by a certificate in
|
|
Packit Service |
4684c1 |
@code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit
|
|
Packit Service |
4684c1 |
set.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The output @code{verify} variable will hold verification status codes
|
|
Packit Service |
4684c1 |
(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
|
|
Packit Service |
4684c1 |
@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
|
|
Packit Service |
4684c1 |
function returned @code{GNUTLS_E_SUCCESS} .
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
Note that the function returns @code{GNUTLS_E_SUCCESS} even when
|
|
Packit Service |
4684c1 |
verification failed. The caller must always inspect the @code{verify} variable to find out the verification status.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
The @code{flags} variable should be 0 for now.
|
|
Packit Service |
4684c1 |
|
|
Packit Service |
4684c1 |
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
|
|
Packit Service |
4684c1 |
negative error value.
|
|
Packit Service |
4684c1 |
@end deftypefun
|