gnutls_ocsp_resp_verify

gnutls_ocsp_resp_verify(3)           gnutls           gnutls_ocsp_resp_verify(3)



NAME
       gnutls_ocsp_resp_verify - API function

SYNOPSIS
       #include <gnutls/ocsp.h>

       int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp,
       gnutls_x509_trust_list_t trustlist, unsigned int * verify, unsigned int
       flags);

ARGUMENTS
       gnutls_ocsp_resp_const_t resp
                   should contain a gnutls_ocsp_resp_t type

       gnutls_x509_trust_list_t trustlist
                   trust anchors as a gnutls_x509_trust_list_t type

       unsigned int * verify
                   output variable with verification status, an
                   gnutls_ocsp_verify_reason_t

       unsigned int flags
                   verification flags from gnutls_certificate_verify_flags

DESCRIPTION
       Verify signature of the Basic OCSP Response against the public key in the
       certificate of a trusted signer.  The  trustlist should be populated with
       trust anchors.  The function will extract the signer certificate from the
       Basic OCSP Response and will verify it against the  trustlist .  A
       trusted signer is a certificate that is either in  trustlist , or it is
       signed directly by a certificate in
        trustlist and has the id-ad-ocspSigning Extended Key Usage bit set.

       The output  verify variable will hold verification status codes (e.g.,
       GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
       GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the
       function returned GNUTLS_E_SUCCESS.

       Note that the function returns GNUTLS_E_SUCCESS even when verification
       failed.  The caller must always inspect the  verify variable to find out
       the verification status.

       The  flags variable should be 0 for now.

RETURNS
       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error
       value.

REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org


COPYRIGHT
       Copyright © 2001-2020 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are
       permitted in any medium without royalty provided the copyright notice and
       this notice are preserved.

SEE ALSO
       The full documentation for gnutls is maintained as a Texinfo manual.  If
       the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       https://www.gnutls.org/manual/

gnutls                               3.6.13           gnutls_ocsp_resp_verify(3)