Name

gnutls_ocsp_resp_verify — API function

Synopsis

#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify( gnutls_ocsp_resp_t resp,
  gnutls_x509_trust_list_t trustlist,
  unsigned * verify,
  int flags);
 

ARGUMENTS

gnutls_ocsp_resp_t resp

should contain a gnutls_ocsp_resp_t structure

gnutls_x509_trust_list_t trustlist

trust anchors as a gnutls_x509_trust_list_t structure

unsigned * verify

output variable with verification status, a gnutls_ocsp_cert_status_t

int flags

verification flags, 0 for now.

DESCRIPTION

Verify the signature of the Basic OCSP Response against the public key in the certificate of a trusted signer. The trustlist should be populated with trust anchors. The function will extract the signer certificate from the Basic OCSP Response and will verify it against the trustlist. A trusted signer is a certificate that is either in trustlist, or is signed directly by a certificate in trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.

The output verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.

Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verify variable to find out the verification status.

The flags variable should be 0 for now.

RETURNS

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
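The following is an added example, not part of the GnuTLS documentation or source. It contrasts a caller that trusts the return code alone with one that also requires an empty verify status. Without -DWITH_GNUTLS it uses a constructed stand-in for gnutls_ocsp_resp_verify, so it runs without the library. The names naive_signature_ok, strict_signature_ok, run_case, stub_ret and stub_verify are hypothetical, and the status value 1 is a constructed nonzero status, not a specific GnuTLS constant.

```c
#include <stdio.h>
#ifdef WITH_GNUTLS   /* real library: cc -DWITH_GNUTLS -c example.c */
#include <gnutls/ocsp.h>
#else                /* constructed stand-in so the example runs without libgnutls */
#define GNUTLS_E_SUCCESS 0
typedef void *gnutls_ocsp_resp_t;
typedef void *gnutls_x509_trust_list_t;
static int stub_ret;          /* value the stand-in returns */
static unsigned stub_verify;  /* status the stand-in stores on success */
static int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
        gnutls_x509_trust_list_t trustlist, unsigned *verify, int flags)
{
    (void)resp; (void)trustlist; (void)flags;
    if (stub_ret == GNUTLS_E_SUCCESS) *verify = stub_verify;
    return stub_ret;
}
#endif

/* Pitfall: the return code alone is taken as the verdict. */
int naive_signature_ok(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t tl)
{
    unsigned verify;
    return gnutls_ocsp_resp_verify(resp, tl, &verify, 0) == GNUTLS_E_SUCCESS;
}

/* Hardened: accept only if the call succeeded AND no status bit is set. */
int strict_signature_ok(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t tl)
{
    unsigned verify = ~0u;   /* fail closed if the library never writes it */
    int ret = gnutls_ocsp_resp_verify(resp, tl, &verify, 0);  /* flags: 0 */
    /* verify is only meaningful when ret is GNUTLS_E_SUCCESS */
    return ret == GNUTLS_E_SUCCESS && verify == 0;
}

#ifndef WITH_GNUTLS
/* Constructed outcome in, verdicts out: bit 0 = naive accepted, bit 1 = strict accepted. */
int run_case(int ret, unsigned verify)
{
    stub_ret = ret;
    stub_verify = verify;
    return naive_signature_ok(NULL, NULL) | (strict_signature_ok(NULL, NULL) << 1);
}
int main(void)
{
    printf("verified=%d status-set=%d error=%d\n", run_case(0, 0), run_case(0, 1u), run_case(-1, 0));
    return 0;
}
#endif
```

In the middle case the call returns GNUTLS_E_SUCCESS with a status bit set: the naive check accepts the response and the strict check rejects it.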

REPORTING BUGS

Report bugs to <bug-gnutls@gnu.org>. GnuTLS home page: http://www.gnu.org/software/gnutls/ General help using GNU software: http://www.gnu.org/gethelp/

SEE ALSO

The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

info gnutls

should give you access to the complete manual.

COPYRIGHT

Copyright © 2012 Free Software Foundation.

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.