gnutls_x509_crt_list_verify — API function

Synopsis

#include <gnutls/x509.h>

int gnutls_x509_crt_list_verify(const gnutls_x509_crt_t * cert_list, unsigned cert_list_length, const gnutls_x509_crt_t * CA_list, unsigned CA_list_length, const gnutls_x509_crl_t * CRL_list, unsigned CRL_list_length, unsigned int flags, unsigned int * verify);

Arguments

const gnutls_x509_crt_t * cert_list

is the certificate list to be verified

unsigned cert_list_length

holds the number of certificate in cert_list

const gnutls_x509_crt_t * CA_list

is the CA list which will be used in verification

unsigned CA_list_length

holds the number of CA certificate in CA_list

const gnutls_x509_crl_t * CRL_list

holds a list of CRLs.

unsigned CRL_list_length

the length of CRL list.

unsigned int flags

Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.

unsigned int * verify

will hold the certificate verification output.

Description

This function will try to verify the given certificate list and return its status. The details of the verification are the same as in gnutls_x509_trust_list_verify_crt2().

You must check the peer's name in order to check if the verified certificate belongs to the actual peer.

The certificate verification output will be put in  verify and will be one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd.  For a more detailed verification status use gnutls_x509_crt_verify() per list element.

Returns

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls