

       gnutls_x509_crt_list_verify   -   This   function  verifies  the  given
       certificate list


       #include <gnutls/x509.h>

       int gnutls_x509_crt_list_verify(const  gnutls_x509_crt_t  *  cert_list,
       int   cert_list_length,   const   gnutls_x509_crt_t   *   CA_list,  int
       CA_list_length,    const    gnutls_x509_crl_t    *    CRL_list,     int
       CRL_list_length, unsigned int flags, unsigned int * verify);


       const gnutls_x509_crt_t * cert_list
                   is the certificate list to be verified

       int cert_list_length
                   holds the number of certificates in cert_list

       const gnutls_x509_crt_t * CA_list
                   is the CA list which will be used in verification

       int CA_list_length
                   holds the number of CA certificates in CA_list

       const gnutls_x509_crl_t * CRL_list
                   holds a list of CRLs.

       int CRL_list_length
                   the length of the CRL list.

       unsigned int flags
                   Flags   that   may  be  used  to  change  the  verification
                   algorithm. Use OR  of  the  gnutls_certificate_verify_flags

       unsigned int * verify
                   will hold the certificate verification output.


       This function will try to verify the given certificate list and return
       its status.  If no flags are specified (0), this function will use the
       basicConstraints PKIX extension.  This means that only a certificate
       authority is allowed to sign a certificate.

       You must also check the peer’s name in order to check if  the  verified
       certificate belongs to the actual peer.

       The  certificate  verification output will be put in verify and will be
       one or more  of  the  gnutls_certificate_status_t  enumerated  elements
       bitwise   or’d.    For   a   more   detailed  verification  status  use
       gnutls_x509_crt_verify() per list element.


       the certificate chain is not valid.


       a certificate in the chain has been revoked.


       On success, GNUTLS_E_SUCCESS is returned, otherwise a negative error
       value.




       Copyright © 2008 Free Software Foundation.
       Copying  and  distribution  of this file, with or without modification,
       are permitted in any medium  without  royalty  provided  the  copyright
       notice and this notice are preserved.


       The  full  documentation  for gnutls is maintained as a Texinfo manual.
       If the info and gnutls programs are properly installed  at  your  site,
       the command

              info gnutls

       should give you access to the complete manual.