gnutls_ocsp_resp_verify — API function
#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t trustlist, unsigned * verify, int flags);
resp: should contain a gnutls_ocsp_resp_t structure
trustlist: trust anchors as a gnutls_x509_trust_list_t structure
verify: output variable with verification status, a gnutls_ocsp_cert_status_t
flags: verification flags, 0 for now.
Verify signature of the Basic OCSP Response against the public key in the certificate of a trusted signer. The trustlist should be populated with trust anchors. The function will extract the signer certificate from the Basic OCSP Response and will verify it against the trustlist. A trusted signer is a certificate that is either in trustlist, or it is signed directly by a certificate in trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.
The output verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS. Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verify variable to find out the verification status.
The flags variable should be 0 for now.
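The note above, that GNUTLS_E_SUCCESS is returned even when verification failed, is where callers most often go wrong. The following is an added example, not part of the GnuTLS manual or source: it accepts a response only when the return code is GNUTLS_E_SUCCESS and verify is 0, and names the failure bits for logging. The names ocsp_signature_trusted, ocsp_verify_reasons, check_ocsp_response and the WITH_GNUTLS build macro are assumptions of this example, as are the stand-in constants used when the GnuTLS headers are not available.

```c
#include <stdio.h>
#include <string.h>
#ifdef WITH_GNUTLS /* real build: define WITH_GNUTLS and link with -lgnutls */
#include <gnutls/ocsp.h>
#else /* stand-ins mirroring <gnutls/ocsp.h>, so the logic builds without GnuTLS */
#define GNUTLS_E_SUCCESS 0
enum { GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1, GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
       GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8, GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16 };
#endif
/* Trusted only if the call succeeded AND verify has no failure bit; verify is invalid on error. */
int ocsp_signature_trusted(int ret, unsigned verify)
{
    return ret == GNUTLS_E_SUCCESS && verify == 0;
}
/* Name the failure bits this table knows, comma separated, for logging (len >= 1). */
const char *ocsp_verify_reasons(unsigned verify, char *buf, size_t len)
{
    static const struct { unsigned bit; const char *name; } tbl[] = {
        { GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, "signer not found" },
        { GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER, "untrusted signer" },
        { GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM, "insecure algorithm" },
        { GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE, "signature failure" },
    };
    buf[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(verify & tbl[i].bit))
            continue;
        if (buf[0])
            strncat(buf, ", ", len - strlen(buf) - 1);
        strncat(buf, tbl[i].name, len - strlen(buf) - 1);
    }
    if (verify && !buf[0]) /* a bit outside the table is still a failure */
        strncat(buf, "other failure bits", len - 1);
    return buf;
}

#ifdef WITH_GNUTLS
/* Hypothetical wrapper: returns 1 to accept the response, 0 to reject it. */
int check_ocsp_response(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t tl)
{
    char why[128];
    unsigned verify = ~0u; /* fail closed if verify is never written */
    int ret = gnutls_ocsp_resp_verify(resp, tl, &verify, 0);
    if (ocsp_signature_trusted(ret, verify))
        return 1;
    fprintf(stderr, "OCSP response rejected: %s\n", ret != GNUTLS_E_SUCCESS
            ? gnutls_strerror(ret) : ocsp_verify_reasons(verify, why, sizeof why));
    return 0;
}
#endif
```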
Report bugs to <bug-gnutls@gnu.org>.
GnuTLS home page: http://www.gnu.org/software/gnutls/
General help using GNU software: http://www.gnu.org/gethelp/
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual.
COPYRIGHT
Copyright © 2012 Free Software Foundation. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.