gnutls_certificate_verify_peers2 — This function returns the peer's certificate verification status
#include <gnutls/gnutls.h>
int
gnutls_certificate_verify_peers2( |
gnutls_session_t | session, |
unsigned int * | status) ; |
is a gnutls session
is the output of the verification
This function will try to verify the peer's certificate
and return its status (trusted, invalid etc.). The value of
status
should be one
or more of the gnutls_certificate_status_t enumerated
elements bitwise or'd. To avoid denial of service attacks
some default upper limits regarding the certificate key size
and chain size are set. To override them use gnutls_certificate_set_verify_limits()
.
Note that you must also check the peer's name in order to check if the verified certificate belongs to the actual peer.
Returns a negative error code on error and zero on success.
This is the same as gnutls_x509_verify_certificate()
and uses the loaded CAs in the credentials as trusted
CAs.
Note that some commonly used X.509 Certificate Authorities
are still using Version 1 certificates. If you want to accept
them, you need to call gnutls_certificate_set_verify_flags()
with, e.g., GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT
parameter.
The full documentation for gnutls
is maintained as a
Texinfo manual. If the info
and gnutls
programs are properly
installed at your site, the command
info gnutls
should give you access to the complete manual.
COPYRIGHT |
---|
Copyright © 2006, 2007 Free Software Foundation. Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. |