FreeBSD manual
gnutls_ocsp_resp_verify(3) gnutls gnutls_ocsp_resp_verify(3)
NAME
gnutls_ocsp_resp_verify - API function
SYNOPSIS
#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp,
gnutls_x509_trust_list_t trustlist, unsigned int * verify, unsigned int
flags);
ARGUMENTS
gnutls_ocsp_resp_const_t resp
should contain a gnutls_ocsp_resp_t type
gnutls_x509_trust_list_t trustlist
trust anchors as a gnutls_x509_trust_list_t type
unsigned int * verify
output variable with verification status, a
gnutls_ocsp_verify_reason_t
unsigned int flags
verification flags from gnutls_certificate_verify_flags
DESCRIPTION
Verify signature of the Basic OCSP Response against the public key in
the certificate of a trusted signer. The trustlist should be
populated with trust anchors. The function will extract the signer
certificate from the Basic OCSP Response and will verify it against the
trustlist. A trusted signer is a certificate that is either in
trustlist, or it is signed directly by a certificate in
trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.
The output verify variable will hold verification status codes (e.g.,
GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the
function returned GNUTLS_E_SUCCESS.
Note that the function returns GNUTLS_E_SUCCESS even when verification
failed. The caller must always inspect the verify variable to find
out the verification status.
The flags variable should be 0 for now.
RETURNS
On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative
error value.
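EXAMPLE
The following is an added example, not part of the GnuTLS manual or its source. It shows a fail-closed interpretation of the return value and the verify output together. The helper names ocsp_signature_trusted and ocsp_verify_reasons are hypothetical, the fallback definitions are an assumption used only when the GnuTLS headers are not installed, and the result in main() is constructed.

```c
#include <stdio.h>
#include <string.h>
#if defined(__has_include) && __has_include(<gnutls/ocsp.h>)
#include <gnutls/ocsp.h>
#else /* Assumed fallback so this builds without the GnuTLS headers. */
#define GNUTLS_E_SUCCESS 0
enum { GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
       GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
       GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
       GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16 };
#endif

/* Hypothetical helper. ret is the return value of gnutls_ocsp_resp_verify(),
 * verify is its output variable. Returns 1 only for a trusted signature. */
int ocsp_signature_trusted(int ret, unsigned int verify)
{
    if (ret != GNUTLS_E_SUCCESS)
        return 0;       /* call failed: verify is not valid, fail closed */
    return verify == 0; /* any status bit set means verification failed */
}

/* Hypothetical helper: names a subset of the status bits, returns the count. */
int ocsp_verify_reasons(unsigned int verify, char *buf, size_t len)
{
    static const struct { unsigned int bit; const char *name; } tbl[] = {
        { GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,   "signer-not-found" },
        { GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER,   "untrusted-signer" },
        { GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM, "insecure-algorithm" },
        { GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE,  "signature-failure" },
    };
    size_t off = 0;
    int n = 0;
    if (len > 0) buf[0] = '\0';
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++) {
        if (!(verify & tbl[i].bit)) continue;
        int w = snprintf(buf + off, len - off, "%s%s", n ? "," : "", tbl[i].name);
        if (w < 0 || (size_t)w >= len - off) break; /* buffer full */
        off += (size_t)w;
        n++;
    }
    return n;
}

int main(void)
{
    char why[96];
    /* Constructed outcome: the call succeeded, yet two status bits are set. */
    unsigned int v = GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND | GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM;
    ocsp_verify_reasons(v, why, sizeof why);
    printf("trusted=%d (%s)\n", ocsp_signature_trusted(GNUTLS_E_SUCCESS, v), why);
    return 0;
}
```

In a real caller, pass the return value of gnutls_ocsp_resp_verify(resp, trustlist, &verify, 0) and the resulting verify to ocsp_signature_trusted().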
REPORTING BUGS
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
COPYRIGHT
Copyright (C) 2001- Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification,
are permitted in any medium without royalty provided the copyright
https://www.gnutls.org/manual/
gnutls 3.7.9 gnutls_ocsp_resp_verify(3)