Name

gnutls_ocsp_resp_verify_direct — API function

Synopsis

#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify_direct( gnutls_ocsp_resp_t resp,
  gnutls_x509_crt_t signercert,
  unsigned * verify,
  int flags);
 

ARGUMENTS

gnutls_ocsp_resp_t resp

should contain a gnutls_ocsp_resp_t structure

gnutls_x509_crt_t signercert

certificate believed to have signed the response

unsigned * verify

output variable with verification status, an gnutls_ocsp_cert_status_t

int flags

verification flags, 0 for now.

DESCRIPTION

Verify signature of the Basic OCSP Response against the public key in the signercertcertificate.

The output verifyvariable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.

Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verifyvariable to find out the verification status.

The flagsvariable should be 0 for now.

RETURNS

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

REPORTING BUGS

Report bugs to <bug-gnutls@gnu.org>. GnuTLS home page: http://www.gnu.org/software/gnutls/ General help using GNU software: http://www.gnu.org/gethelp/

SEE ALSO

The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

info gnutls

should give you access to the complete manual.

COPYRIGHT

Copyright © 2012 Free Software Foundation.

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.