gnutls_x509_crt_list_verify — This function verifies the given certificate list
#include <gnutls/x509.h>
int gnutls_x509_crt_list_verify( |
const gnutls_x509_crt_t * cert_list, |
int cert_list_length, | |
const gnutls_x509_crt_t * CA_list, | |
int CA_list_length, | |
const gnutls_x509_crl_t * CRL_list, | |
int CRL_list_length, | |
unsigned int flags, | |
unsigned int * verify) ; |
is the certificate list to be verified
holds the number of certificate in cert_list
is the CA list which will be used in verification
holds the number of CA certificate in CA_list
holds a list of CRLs.
the length of CRL list.
Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.
will hold the certificate verification output.
This function will try to verify the given certificate list and return its status. If no flags are specified (0), this function will use the basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate authority is allowed to sign a certificate.
You must also check the peer's name in order to check if the verified certificate belongs to the actual peer.
The certificate verification output will be put in
verify
and will be
one or more of the gnutls_certificate_status_t enumerated
elements bitwise or'd. For a more detailed verification
status use gnutls_x509_crt_verify
() per list
element.
Report bugs to <[email protected]>. GnuTLS home page: http://www.gnu.org/software/gnutls/ General help using GNU software: http://www.gnu.org/gethelp/
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual.
COPYRIGHT |
---|
Copyright © 2008 Free Software Foundation. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. |