gnutls_ocsp_resp_verify (3) Linux Manual Page
gnutls_ocsp_resp_verify – API function
Synopsis
#include <gnutls/ocsp.h> int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t trustlist, unsigned int * verify, unsigned int flags);
Arguments
- gnutls_ocsp_resp_t resp
- should contain a gnutls_ocsp_resp_t structure
- gnutls_x509_trust_list_t trustlist
- trust anchors as a gnutls_x509_trust_list_t structure
- unsigned int * verify
- output variable with verification status, an gnutls_ocsp_cert_status_t
- unsigned int flags
- verification flags, 0 for now.
Description
Verify signature of the Basic OCSP Response against the public key in the certificate of a trusted signer. The trustlist should be populated with trust anchors. The function will extract the signer certificate from the Basic OCSP Response and will verify it against the trustlist . A trusted signer is a certificate that is either in trustlist , or it is signed directly by a certificate inThe output verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.
Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verify variable to find out the verification status.
The flags variable should be 0 for now.
Returns
On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.Reporting Bugs
Report bugs to <bugs [at] gnutls.org>.Home page: http://www.gnutls.org
Copyright
Copyright © 2001-2014 Free Software Foundation, Inc..Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.