gnutls_ocsp_resp_verify (3) - Linux Manuals

gnutls_ocsp_resp_verify: API function

Command to display gnutls_ocsp_resp_verify manual in Linux: $ man 3 gnutls_ocsp_resp_verify

NAME

gnutls_ocsp_resp_verify - API function

SYNOPSIS

#include <gnutls/ocsp.h>

int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_t resp, gnutls_x509_trust_list_t trustlist, unsigned int * verify, unsigned int flags);

ARGUMENTS

gnutls_ocsp_resp_t resp: should contain a gnutls_ocsp_resp_t structure
gnutls_x509_trust_list_t trustlist: trust anchors as a gnutls_x509_trust_list_t structure
unsigned int * verify: output variable with verification status, an gnutls_ocsp_cert_status_t
unsigned int flags: verification flags, 0 for now.

DESCRIPTION

Verify signature of the Basic OCSP Response against the public key in the certificate of a trusted signer. The trustlist should be populated with trust anchors. The function will extract the signer certificate from the Basic OCSP Response and will verify it against the trustlist . A trusted signer is a certificate that is either in trustlist , or it is signed directly by a certificate in
trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.

The output verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.

Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verify variable to find out the verification status.

The flags variable should be 0 for now.

RETURNS

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.

REPORTING BUGS

Report bugs to <bugs [at] gnutls.org>.
Home page: http://www.gnutls.org

COPYRIGHT

Copyright © 2001-2014 Free Software Foundation, Inc..
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.