gnutls_ocsp_resp_verify_direct — API function

Synopsis

#include <gnutls/ocsp.h>

int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp, gnutls_x509_crt_t issuer, unsigned int * verify, unsigned int flags);

Arguments

gnutls_ocsp_resp_t resp

should contain a gnutls_ocsp_resp_t type

gnutls_x509_crt_t issuer

certificate believed to have signed the response

unsigned int * verify

output variable with verification status, an gnutls_ocsp_verify_reason_t

unsigned int flags

verification flags from gnutls_certificate_verify_flags

Description

Verify signature of the Basic OCSP Response against the public key in the  issuer certificate.

The output  verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.

Note that the function returns GNUTLS_E_SUCCESS even when verification failed.  The caller must always inspect the  verify variable to find out the verification status.

The  flags variable should be 0 for now.

Returns

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls