gnutls_certificate_verify_peers3 (3) Linux Manual Page
gnutls_certificate_verify_peers3 – API function
Synopsis
#include <gnutls/gnutls.h>
int gnutls_certificate_verify_peers3(gnutls_session_t session, const char * hostname, unsigned int * status);
Arguments
- gnutls_session_t session: is a gnutls session
- const char * hostname: is the expected name of the peer; may be NULL
- unsigned int * status: is the output of the verification
Description
This function will verify the peer’s certificate and store the result in the status variable as a bitwise OR of gnutls_certificate_status_t values, or zero if the certificate is trusted. Note that the value in status is set only when the return value of this function is success (i.e., failure to trust a certificate does not imply a negative return value). The default verification flags used by this function can be overridden using gnutls_certificate_set_verify_flags(). See the documentation of gnutls_certificate_verify_peers2() for details of the verification process.
If the hostname provided is non-NULL then this function will compare the hostname in the certificate against the given one. The comparison will be accurate for ASCII names; non-ASCII names are compared byte-by-byte. If the names do not match, the GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.
In order to verify the purpose of the end-certificate (by checking the extended key usage), use gnutls_certificate_verify_peers().
Returns
a negative error code on error and GNUTLS_E_SUCCESS (0) when the peer’s certificate was successfully parsed, irrespective of whether it was verified.
Since
3.1.4
Reporting Bugs
Report bugs to <bugs [at] gnutls.org>.
Home page: http://www.gnutls.org
Copyright
Copyright © 2001-2014 Free Software Foundation, Inc.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
