gnutls_x509_crl_verify — API function


#include <gnutls/x509.h>
int gnutls_x509_crl_verify( gnutls_x509_crl_t crl,
  const gnutls_x509_crt_t * trusted_cas,
  int tcas_size,
  unsigned int flags,
  unsigned int * verify);


gnutls_x509_crl_t crl

is the crl to be verified

const gnutls_x509_crt_t * trusted_cas

is a certificate list that is considered to be trusted one

int tcas_size

holds the number of CA certificates in CA_list

unsigned int flags

Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations.

unsigned int * verify

will hold the crl verification output.


This function will try to verify the given crl and return its verification status. See gnutls_x509_crt_list_verify() for a detailed description of return values. Note that since GnuTLS 3.1.4 this function includes the time checks.

Note that value in verify is set only when the return value of this function is success (i.e, failure to trust a CRL a certificate does not imply a negative return value).


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.


Report bugs to <>.

General guidelines for reporting bugs:

GnuTLS home page:


The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command

info gnutls

should give you access to the complete manual. As an alternative you may obtain the manual from:


Copyright © 2001-2013 Free Software Foundation, Inc..

Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.