|
|
gnutls_ocsp_resp_verify — API function
#include <gnutls/ocsp.h>
int
gnutls_ocsp_resp_verify( |
gnutls_ocsp_resp_t resp, |
| gnutls_x509_trust_list_t trustlist, | |
| unsigned int * verify, | |
unsigned int flags); |
should contain a gnutls_ocsp_resp_t structure
trust anchors as a gnutls_x509_trust_list_t structure
output variable with verification status, an gnutls_ocsp_cert_status_t
verification flags, 0 for now.
Verify signature of the Basic OCSP Response against the
public key in the certificate of a trusted signer. The
trustlist should be
populated with trust anchors. The function will extract the
signer certificate from the Basic OCSP Response and will
verify it against the trustlist . A trusted signer is
a certificate that is either in trustlist , or it is signed
directly by a certificate in trustlist and has the
id−ad−ocspSigning Extended Key Usage bit set.
The output verify
variable will hold verification status codes (e.g.,
GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM)
which are only valid if the function returned GNUTLS_E_SUCCESS.
Note that the function returns GNUTLS_E_SUCCESS even when verification
failed. The caller must always inspect the verify variable to find out the
verification status.
The flags variable
should be 0 for now.
Report bugs to <bug-gnutls@gnu.org>.
General guidelines for reporting bugs: http://www.gnu.org/gethelp/
GnuTLS home page: http://www.gnu.org/software/gnutls/
The full documentation for gnutls is maintained as a Texinfo manual. If the info and gnutls programs are properly installed at your site, the command
info gnutls
should give you access to the complete manual. As an alternative you may obtain the manual from:
| COPYRIGHT |
|---|
|
Copyright © 2001-2013 Free Software Foundation, Inc.. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved. |