gnutls_x509_name_constraints_check_crt — API function
Synopsis
#include <gnutls/x509.h>
unsigned gnutls_x509_name_constraints_check_crt(gnutls_x509_name_constraints_t nc, gnutls_x509_subject_alt_name_t type, gnutls_x509_crt_t cert);
Arguments
- gnutls_x509_name_constraints_t nc
the extracted name constraints
- gnutls_x509_subject_alt_name_t type
the type of the constraint to check (of type gnutls_x509_subject_alt_name_t)
- gnutls_x509_crt_t cert
the certificate to be checked
Description
This function will check the provided certificate names against the constraints in
nc using the RFC5280 rules. It will traverse all the certificate's names and alternative names.
Currently this function is limited to DNS names and emails (of type GNUTLS_SAN_DNSNAME and GNUTLS_SAN_RFC822NAME).
Returns
zero if the provided name is not acceptable, and non-zero otherwise.
Since
3.3.0
Reporting Bugs
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
Copyright
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
See Also
The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit