@deftypefun {unsigned} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags})
@var{cert}: should contain a gnutls_x509_crt_t type

@var{hostname}: A null-terminated string that contains a DNS name

@var{flags}: gnutls_certificate_verify_flags

This function will check if the given certificate's subject matches
the given hostname. This is a basic implementation of the matching
described in RFC6125, and takes into account wildcards,
and the DNSName/IPAddress subject alternative name PKIX extension.

IPv4 addresses are accepted by this function in the dotted-decimal
format (e.g., ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal
x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative
name extension is consulted. Versions of GnuTLS prior to 3.6.0
would, in case of a non-match, consult (as a non-standard extension)
the DNSname and CN fields. This is no longer the case.

When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS} is specified no
wildcards are considered. Otherwise they are only considered if the
domain name consists of three components or more, and the wildcard
starts at the leftmost position.
When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} is specified,
the input will be treated as a DNS name, and matching of textual IP addresses
against the IPAddress part of the alternative name will not be allowed.

The function @code{gnutls_x509_crt_check_ip()} is available for matching
IP addresses.

@strong{Returns:} non-zero for a successful match, and zero on failure.

@strong{Since:} 3.3.0
@end deftypefun
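The wildcard rule described above, as an added stand-alone model in C; it is not GnuTLS source code and does not call the library. Assumptions: @code{model_dnsname_match} and @code{MODEL_NO_WILDCARDS} are hypothetical names, the wildcard is required to be the whole leftmost label, and it stands for exactly one label as in RFC 6125.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical stand-in for GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS; the value
 * is local to this model and is not the GnuTLS constant. */
#define MODEL_NO_WILDCARDS 1u

/* Simplified model of the wildcard rule: non-zero when a certificate DNS
 * name matches hostname, zero otherwise. */
unsigned model_dnsname_match(const char *certname, const char *hostname,
                             unsigned flags)
{
    const char *first, *last, *rest;

    if (certname[0] != '*')         /* no wildcard: case-insensitive equality */
        return strcasecmp(certname, hostname) == 0;
    if (flags & MODEL_NO_WILDCARDS) /* wildcards are not considered */
        return 0;

    /* The wildcard must sit at the leftmost position (here: be the whole
     * first label) and the name needs three components or more, so
     * "*.example.com" qualifies and "*.com" does not. */
    first = strchr(certname, '.');
    last = strrchr(certname, '.');
    if (certname[1] != '.' || first == last || last[1] == '\0')
        return 0;

    /* Assumption (RFC 6125): "*" stands for exactly one non-empty label. */
    rest = strchr(hostname, '.');
    if (rest == NULL || rest == hostname)
        return 0;
    return strcasecmp(first, rest) == 0;
}

int main(void)
{
    /* Constructed sample names: { certificate DNSName, hostname }. */
    const char *cases[][2] = {
        { "*.example.com", "www.example.com" },
        { "*.example.com", "a.b.example.com" },
        { "*.com", "example.com" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-15s vs %-17s -> %u\n", cases[i][0], cases[i][1],
               model_dnsname_match(cases[i][0], cases[i][1], 0));
    return 0;
}
```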