.\" DO NOT MODIFY THIS FILE! It was generated by gdoc.
.TH "gnutls_x509_trust_list_verify_crt2" 3 "3.6.14" "gnutls" "gnutls"
.SH NAME
gnutls_x509_trust_list_verify_crt2 \- API function
.SH SYNOPSIS
.B #include <gnutls/x509.h>
.sp
.BI "int gnutls_x509_trust_list_verify_crt2(gnutls_x509_trust_list_t " list ", gnutls_x509_crt_t * " cert_list ", unsigned int " cert_list_size ", gnutls_typed_vdata_st * " data ", unsigned int " elements ", unsigned int " flags ", unsigned int * " voutput ", gnutls_verify_output_function " func ");"
.SH ARGUMENTS
.IP "gnutls_x509_trust_list_t list" 12
The list
.IP "gnutls_x509_crt_t * cert_list" 12
is the certificate list to be verified
.IP "unsigned int cert_list_size" 12
is the certificate list size
.IP "gnutls_typed_vdata_st * data" 12
an array of typed data
.IP "unsigned int elements" 12
the number of data elements
.IP "unsigned int flags" 12
Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
.IP "unsigned int * voutput" 12
will hold the certificate verification output.
.IP "gnutls_verify_output_function func" 12
If non\-null, it will be called on each chain element verification with the output.
.SH "DESCRIPTION"
This function will attempt to verify the given certificate chain and return
its status. The \fIvoutput\fP parameter will hold an OR'ed sequence of
\fBgnutls_certificate_status_t\fP flags.
When a certificate chain of \fIcert_list_size\fP with more than one certificate is
provided, the verification status will apply to the first certificate in the chain
that failed verification. The verification process starts from the end of the chain
(from CA to end certificate). The first certificate in the chain must be the end\-certificate
while the rest of the members may be sorted or not.
Additionally a certificate verification profile can be specified
from the ones in \fBgnutls_certificate_verification_profiles_t\fP by
ORing the result of \fBGNUTLS_PROFILE_TO_VFLAGS()\fP to the verification
flags.
Additional verification parameters are possible via the \fIdata\fP types; the
acceptable types are \fBGNUTLS_DT_DNS_HOSTNAME\fP, \fBGNUTLS_DT_IP_ADDRESS\fP and \fBGNUTLS_DT_KEY_PURPOSE_OID\fP.
\fBGNUTLS_DT_DNS_HOSTNAME\fP accepts as data a null\-terminated hostname, and \fBGNUTLS_DT_KEY_PURPOSE_OID\fP a null\-terminated
object identifier (e.g., \fBGNUTLS_KP_TLS_WWW_SERVER\fP).
If a DNS hostname is provided then this function will compare
the hostname in the end certificate against the given hostname. If the names do not match, the
\fBGNUTLS_CERT_UNEXPECTED_OWNER\fP status flag will be set. In addition it
will consider certificates provided with \fBgnutls_x509_trust_list_add_named_crt()\fP.
If a key purpose OID is provided and the end\-certificate contains the extended key
usage PKIX extension, it will be required to match the provided OID
or be marked for any purpose, otherwise verification will fail with
\fBGNUTLS_CERT_PURPOSE_MISMATCH\fP status.
.SH "RETURNS"
On success, \fBGNUTLS_E_SUCCESS\fP (0) is returned, otherwise a
negative error value. Note that verification failure will not result in an
error code; only \fIvoutput\fP will be updated, so callers must check \fIvoutput\fP as well as the return value.
.SH "SINCE"
3.3.8
.SH "REPORTING BUGS"
Report bugs to <bugs@gnutls.org>.
.br
Home page: https://www.gnutls.org
.SH COPYRIGHT
Copyright \(co 2001- Free Software Foundation, Inc., and others.
.br
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
notice and this notice are preserved.
.SH "SEE ALSO"
The full documentation for
.B gnutls
is maintained as a Texinfo manual.
If the /usr/share/doc/gnutls/
directory does not contain the HTML form visit
.B
.IP https://www.gnutls.org/manual/
.PP