gnutls_pkcs7_verify_direct — API function

Synopsis

#include <gnutls/pkcs7.h>

int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t signer, unsigned idx, const gnutls_datum_t * data, unsigned flags);

Arguments

gnutls_pkcs7_t pkcs7

should contain a gnutls_pkcs7_t type

gnutls_x509_crt_t signer

the certificate believed to have signed the structure

unsigned idx

the index of the signature info to check

const gnutls_datum_t * data

The data to be verified or NULL

unsigned flags

Zero or an OR list of gnutls_certificate_verify_flags

Description

This function will verify the provided data against the signature present in the SignedData of the PKCS 7 structure. If the data provided are NULL then the data in the encapsulatedContent field will be used instead.

Note that, unlike gnutls_pkcs7_verify() this function does not verify the key purpose of the signer. It is expected for the caller to verify the intended purpose of the signer -e.g., via gnutls_x509_crt_get_key_purpose_oid(), or gnutls_x509_crt_check_key_purpose().

Note also, that since GnuTLS 3.5.6 this function introduces checks in the end certificate ( signer ), including time checks and key usage checks.

Returns

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. A verification error results to a GNUTLS_E_PK_SIG_VERIFY_FAILED and the lack of encapsulated data to verify to a GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.

Since

3.4.2

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls