NAME¶
gnutls_ocsp_resp_verify - API function
SYNOPSIS¶
#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp,
gnutls_x509_trust_list_t trustlist, unsigned int *
verify, unsigned int flags);
ARGUMENTS¶
- gnutls_ocsp_resp_t resp
- should contain a gnutls_ocsp_resp_t structure
- gnutls_x509_trust_list_t trustlist
- trust anchors as a gnutls_x509_trust_list_t structure
- unsigned int * verify
- output variable with verification status, an
gnutls_ocsp_cert_status_t
- unsigned int flags
- verification flags, 0 for now.
DESCRIPTION¶
Verify signature of the Basic OCSP Response against the public key in the
certificate of a trusted signer. The
trustlist should be populated with
trust anchors. The function will extract the signer certificate from the Basic
OCSP Response and will verify it against the
trustlist . A trusted
signer is a certificate that is either in
trustlist , or it is signed
directly by a certificate in
trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.
The output
verify variable will hold verification status codes (e.g.,
GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the
function returned
GNUTLS_E_SUCCESS.
Note that the function returns
GNUTLS_E_SUCCESS even when verification
failed. The caller must always inspect the
verify variable to find out
the verification status.
The
flags variable should be 0 for now.
RETURNS¶
On success,
GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error
value.
REPORTING BUGS¶
Report bugs to <bugs@gnutls.org>.
Home page:
http://www.gnutls.org
COPYRIGHT¶
Copyright © 2001-2014 Free Software Foundation, Inc..
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
SEE ALSO¶
The full documentation for
gnutls is maintained as a Texinfo manual. If
the /usr/share/doc/gnutls/ directory does not contain the HTML form visit
- http://www.gnutls.org/manual/