Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
gnutls_x509_crt_check_hostname2(3)  gnutls  gnutls_x509_crt_check_hostname2(3)

NAME
       gnutls_x509_crt_check_hostname2 - API function

SYNOPSIS
       #include	<gnutls/x509.h>

       unsigned	 gnutls_x509_crt_check_hostname2(gnutls_x509_crt_t cert, const
       char * hostname,	unsigned int flags);

ARGUMENTS
       gnutls_x509_crt_t cert
		   should contain an gnutls_x509_crt_t type

       const char * hostname
		   A null terminated string that contains a DNS	name

       unsigned	int flags
		   gnutls_certificate_verify_flags

DESCRIPTION
       This function will check	if the given certificate's subject matches the
       given hostname.	This is	a basic	implementation	of  the	 matching  de-
       scribed	 in  RFC6125,  and  takes  into	 account  wildcards,  and  the
       DNSName/IPAddress subject alternative name PKIX extension.

       IPv4 addresses are accepted by this function in the dotted-decimal for-
       mat (e.g, ddd.ddd.ddd.ddd),  and	 IPv6  addresses  in  the  hexadecimal
       x:x:x:x:x:x:x:x format. For them	the IPAddress subject alternative name
       extension is consulted. Previous	versions to 3.6.0 of GnuTLS in case of
       a non-match would consult (in a non-standard extension) the DNSname and
       CN fields. This is no longer the	case.

       When  the  flag	GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS  is  specified no
       wildcards are considered. Otherwise they	are only considered if the do-
       main name consists of three components or more, and the wildcard	starts
       at the  leftmost	 position.   When  the	flag  GNUTLS_VERIFY_DO_NOT_AL-
       LOW_IP_MATCHES  is  specified, the input	will be	treated	as a DNS name,
       and matching of textual IP addresses against the	IPAddress part of  the
       alternative name	will not be allowed.

       The  function  gnutls_x509_crt_check_ip()  is available for matching IP
       addresses.

RETURNS
       non-zero	for a successful match,	and zero on failure.

SINCE
       3.3.0

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org

COPYRIGHT
       Copyright (C) 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution	of this	file, with  or	without	 modification,
       are  permitted in any medium without royalty provided the copyright no-
       tice and	this notice are	preserved.

SEE ALSO
       The full	documentation for gnutls is maintained as  a  Texinfo  manual.
       If the /usr/local/share/doc/gnutls/ directory does not contain the HTML
       form visit

       https://www.gnutls.org/manual/

gnutls				     3.8.9  gnutls_x509_crt_check_hostname2(3)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=gnutls_x509_crt_check_hostname2&sektion=3&manpath=FreeBSD+Ports+14.3.quarterly>

home | help