NAME¶
gnutls_pkcs11_crt_is_known - API function
SYNOPSIS¶
#include <gnutls/pkcs11.h>
int gnutls_pkcs11_crt_is_known(const char * url,
gnutls_x509_crt_t cert, unsigned int flags);
ARGUMENTS¶
- const char * url
- A PKCS 11 url identifying a token
- gnutls_x509_crt_t cert
- is the certificate to find issuer for
- unsigned int flags
- Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.
DESCRIPTION¶
This function will check whether the provided certificate is stored in the
specified token. This is useful in combination with
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED, to check whether a CA is
present or a certificate is blacklisted in a trust PKCS
11 module.
This function can be used with a
url of "pkcs11:", and in that
case all modules will be searched. To restrict the modules to the marked as
trusted in p11-kit use the
GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.
Note that the flag
GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is specific
to p11-kit trust modules.
RETURNS¶
If the certificate exists non-zero is returned, otherwise zero.
SINCE¶
3.3.0
REPORTING BUGS¶
Report bugs to <bugs@gnutls.org>.
Home page:
http://www.gnutls.org
COPYRIGHT¶
Copyright © 2001-2014 Free Software Foundation, Inc..
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
SEE ALSO¶
The full documentation for
gnutls is maintained as a Texinfo manual. If
the /usr/share/doc/gnutls/ directory does not contain the HTML form visit
- http://www.gnutls.org/manual/