dane_verify_session_crt — API function

Synopsis

#include <gnutls/dane.h>

int dane_verify_session_crt(dane_state_t s, gnutls_session_t session, const char * hostname, const char * proto, unsigned int port, unsigned int sflags, unsigned int vflags, unsigned int * verify);

Arguments

dane_state_t s

A DANE state structure (may be NULL)

gnutls_session_t session

A gnutls session

const char * hostname

The hostname associated with the chain

const char * proto

The protocol of the service connecting (e.g. tcp)

unsigned int port

The port of the service connecting (e.g. 443)

unsigned int sflags

Flags for the initialization of  s (if NULL)

unsigned int vflags

Verification flags; an OR'ed list of dane_verify_flags_t.

unsigned int * verify

An OR'ed list of dane_verify_status_t.

Description

This function will verify session's certificate chain against the CA constrains and/or the certificate available via DANE. See dane_verify_crt() for more information.

This will not verify the chain for validity; unless the DANE verification is restricted to end certificates, this must be be performed separately using gnutls_certificate_verify_peers3().

Returns

a negative error code on error and DANE_E_SUCCESS (0) when the DANE entries were successfully parsed, irrespective of whether they were verified (see  verify for that information). If no usable entries were encountered DANE_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls