gnutls_x509_name_constraints_check_crt — API function

Synopsis

#include <gnutls/x509.h>

unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc, gnutls_x509_subject_alt_name_t type, gnutls_x509_crt_t cert);

Arguments

gnutls_x509_name_constraints_t nc

the extracted name constraints

gnutls_x509_subject_alt_name_t type

the type of the constraint to check (of type gnutls_x509_subject_alt_name_t)

gnutls_x509_crt_t cert

the certificate to be checked

Description

This function will check the provided certificate names against the constraints in
nc using the RFC5280 rules. It will traverse all the certificate's names and alternative names.

Currently this function is limited to DNS names and emails (of type GNUTLS_SAN_DNSNAME and GNUTLS_SAN_RFC822NAME).

Returns

zero if the provided name is not acceptable, and non-zero otherwise.

Since

3.3.0

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

https://www.gnutls.org/manual/

Info

3.6.9 gnutls