FreeBSD Manual Pages

home | help

gnutls_certificate_verify_peers2(3) gnutls gnutls_certificate_verify_peers2(3)

NAME
       gnutls_certificate_verify_peers2	- API function

SYNOPSIS
       #include	<gnutls/gnutls.h>

       int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned
       int * status);

ARGUMENTS
       gnutls_session_t	session
		   is a	gnutls session

       unsigned	int * status
		   is the output of the	verification

DESCRIPTION
       This  function  will verify the peer's certificate and store the	status
       in the  status variable as a bitwise OR of  gnutls_certificate_status_t
       values  or zero if the certificate is trusted. Note that	value in  sta-
       tus is set only when the	return value of	this function is success (i.e,
       failure to trust	a certificate does not imply a negative	return value).
       The default verification	flags used by this function can	be  overridden
       using gnutls_certificate_set_verify_flags().

       This function will take into account the	stapled	OCSP responses sent by
       the server, as well as the following X.509 certificate extensions: Name
       Constraints, Key	Usage, and Basic Constraints (pathlen).

       Note  that you must also	check the peer's name in order to check	if the
       verified	  certificate	belongs	   to	 the	actual	  peer,	   see
       gnutls_x509_crt_check_hostname(),    or	 use   gnutls_certificate_ver-
       ify_peers3().

       To avoid	denial of service attacks some default upper limits  regarding
       the  certificate	 key size and chain size are set. To override them use
       gnutls_certificate_set_verify_limits().

       Note that when using raw	public-keys verification will not work because
       there is	no corresponding certificate body belonging  to	 the  raw  key
       that   can  be  verified.  In  that  case  this	function  will	return
       GNUTLS_E_INVALID_REQUEST.

RETURNS
       GNUTLS_E_SUCCESS	(0) when the validation	is performed,  or  a  negative
       error  code  otherwise.	A successful error code	means that the	status
       parameter must be checked to obtain the validation status.

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT
       Copyright (C) 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution	of this	file, with  or	without	 modification,
       are  permitted in any medium without royalty provided the copyright no-
       tice and	this notice are	preserved.

SEE ALSO
       The full	documentation for gnutls is maintained as  a  Texinfo  manual.
       If the /usr/local/share/doc/gnutls/ directory does not contain the HTML
       form visit

       https://www.gnutls.org/manual/

gnutls				     3.8.9 gnutls_certificate_verify_peers2(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=gnutls_certificate_verify_peers2&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help

Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages