1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
@var{s}: A DANE state structure (may be NULL)
@var{session}: A gnutls session
@var{hostname}: The hostname associated with the chain
@var{proto}: The protocol of the service connecting (e.g. tcp)
@var{port}: The port of the service connecting (e.g. 443)
@var{sflags}: Flags for the initialization of @code{s} (if NULL)
@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
This function will verify session's certificate chain against the
CA constrains and/or the certificate available via DANE.
See @code{dane_verify_crt()} for more information.
This will not verify the chain for validity; unless the DANE
verification is restricted to end certificates, this must be
be performed separately using @code{gnutls_certificate_verify_peers3()} .
@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0)
when the DANE entries were successfully parsed, irrespective of
whether they were verified (see @code{verify} for that information). If
no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE}
will be returned.
@end deftypefun
|
