dane_verify_crt_raw

dane_verify_crt_raw(3)               gnutls               dane_verify_crt_raw(3)



NAME
       dane_verify_crt_raw - API function

SYNOPSIS
       #include <gnutls/dane.h>

       int dane_verify_crt_raw(dane_state_t s, const gnutls_datum_t * chain,
       unsigned chain_size, gnutls_certificate_type_t chain_type, dane_query_t
       r, unsigned int sflags, unsigned int vflags, unsigned int * verify);

ARGUMENTS
       dane_state_t s
                   A DANE state structure (may be NULL)

       const gnutls_datum_t * chain
                   A certificate chain

       unsigned chain_size
                   The size of the chain

       gnutls_certificate_type_t chain_type
                   The type of the certificate chain

       dane_query_t r
                   DANE data to check against

       unsigned int sflags
                   Flags for the the initialization of  s (if NULL)

       unsigned int vflags
                   Verification flags; an OR'ed list of dane_verify_flags_t.

       unsigned int * verify
                   An OR'ed list of dane_verify_status_t.

DESCRIPTION
       This function will verify the given certificate chain against the CA
       constrains and/or the certificate available via DANE.  If no information
       via DANE can be obtained the flag DANE_VERIFY_NO_DANE_INFO is set. If a
       DNSSEC signature is not available for the DANE record then the verify
       flag DANE_VERIFY_NO_DNSSEC_DATA is set.

       Due to the many possible options of DANE, there is no single threat model
       countered. When notifying the user about DANE verification results it may
       be better to mention: DANE verification did not reject the certificate,
       rather than mentioning a successful DANE verication.

       Note that this function is designed to be run in addition to PKIX -
       certificate chain - verification. To be run independently the
       DANE_VFLAG_ONLY_CHECK_EE_USAGE flag should be specified; then the
       function will check whether the key of the peer matches the key
       advertized in the DANE entry.

       If the  q parameter is provided it will be used for caching entries.

RETURNS
       On success, DANE_E_SUCCESS (0) is returned, otherwise a negative error
       value.

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org


COPYRIGHT
       Copyright © 2001-2016 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are
       permitted in any medium without royalty provided the copyright notice and
       this notice are preserved.

SEE ALSO
       The full documentation for gnutls is maintained as a Texinfo manual.  If
       the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       http://www.gnutls.org/manual/

gnutls                               3.4.11               dane_verify_crt_raw(3)