API function
Name
gnutls_ocsp_resp_verify - API function
Synopsis
#include <gnutls/ocsp.h>
int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp,
                            gnutls_x509_trust_list_t trustlist,
                            unsigned int *verify,
                            unsigned int flags);
Arguments
gnutls_ocsp_resp_const_t resp
    should contain a gnutls_ocsp_resp_t type
gnutls_x509_trust_list_t trustlist
    trust anchors as a gnutls_x509_trust_list_t type
unsigned int * verify
    output variable with verification status, a gnutls_ocsp_verify_reason_t
unsigned int flags
    verification flags from gnutls_certificate_verify_flags
Description
Verify signature of the Basic OCSP Response against the public
key in the certificate of a trusted signer. The trustlist
should be populated with trust anchors. The function will
extract the signer certificate from the Basic OCSP Response and
will verify it against the trustlist. A trusted signer is a
certificate that is either in trustlist, or it is signed
directly by a certificate in trustlist and has the
id-ad-ocspSigning Extended Key Usage bit set.
The output verify variable will hold verification status codes
(e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if
the function returned GNUTLS_E_SUCCESS.
Note that the function returns GNUTLS_E_SUCCESS even when
verification failed. The caller must always inspect the verify
variable to find out the verification status.
The flags variable should be 0 for now.
Return value
On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a
negative error value.
Reporting bugs
Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org
See also
The full documentation for gnutls is maintained as a Texinfo
manual. If the /usr/share/doc/gnutls/ directory does not contain
the HTML form, visit
https://www.gnutls.org/manual/