gnutls_x509_crt_check_hostname2 (3) - Linux Manuals
gnutls_x509_crt_check_hostname2: API function
NAMEgnutls_x509_crt_check_hostname2 - API function
int gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, const char * hostname, unsigned int flags);
- gnutls_x509_crt_t cert
- should contain an gnutls_x509_crt_t structure
- const char * hostname
- A null terminated string that contains a DNS name
- unsigned int flags
DESCRIPTIONThis function will check if the given certificate's subject matches the given hostname. This is a basic implementation of the matching described in RFC6125, and takes into account wildcards, and the DNSName/IPAddress subject alternative name PKIX extension.
IPv4 addresses are accepted by this function in the dotted-decimal format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative name extension is consulted, as well as the DNSNames in case of a non-match. The latter fallback exists due to misconfiguration of many servers which place an IPAddress inside the DNSName extension.
The comparison of dns names may have false-negatives as it is done byte by byte in non-ascii names.
When the flag GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS is specified no wildcards are considered. Otherwise they are only considered if the domain name consists of three components or more, and the wildcard starts at the leftmost position.
RETURNSnon-zero for a successful match, and zero on failure.
REPORTING BUGSReport bugs to <bugs [at] gnutls.org>.
Home page: http://www.gnutls.org
COPYRIGHTCopyright © 2001-2014 Free Software Foundation, Inc..
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
SEE ALSOThe full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit