gnutls_pkcs7_verify_direct - API function
int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
gnutls_x509_crt_t signer, unsigned idx, const
gnutls_datum_t * data, unsigned flags);
- gnutls_pkcs7_t pkcs7
- should contain a gnutls_pkcs7_t type
- gnutls_x509_crt_t signer
- the certificate believed to have signed the structure
- unsigned idx
- the index of the signature info to check
- const gnutls_datum_t * data
- The data to be verified or NULL
- unsigned flags
- Zero or an OR list of gnutls_certificate_verify_flags
This function will verify the provided data against the signature present in the
SignedData of the PKCS 7
structure. If the data provided are NULL then
the data in the encapsulatedContent field will be used instead.
Note that, unlike gnutls_pkcs7_verify()
this function does not verify the
key purpose of the signer. It is expected for the caller to verify the
intended purpose of the signer
Note also, that since GnuTLS 3.5.6 this function introduces checks in the end
certificate ( signer
), including time checks and key usage checks.
On success, GNUTLS_E_SUCCESS
(0) is returned, otherwise a negative error
value. A verification error results to a GNUTLS_E_PK_SIG_VERIFY_FAILED
and the lack of encapsulated data to verify to a
Report bugs to <firstname.lastname@example.org>.
Home page: https://www.gnutls.org
Copyright © 2001-2019 Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are
permitted in any medium without royalty provided the copyright notice and this
notice are preserved.
The full documentation for gnutls
is maintained as a Texinfo manual. If
the /usr/share/doc/gnutls/ directory does not contain the HTML form visit