NAME

       gnutls_pkcs11_crt_is_known - API function

SYNOPSIS

       #include <gnutls/pkcs11.h>

       unsigned gnutls_pkcs11_crt_is_known(const char * url, gnutls_x509_crt_t cert, unsigned int flags);

ARGUMENTS

       const char * url
                   A PKCS 11 url identifying a token

       gnutls_x509_crt_t cert
                   is the certificate to find issuer for

       unsigned int flags
                   Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.

DESCRIPTION

       This  function  will  check  whether  the  provided certificate is stored in the specified token. This is
       useful        in        combination        with        GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED         or
       GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,  to  check  whether  a  CA  is  present  or  a certificate is
       blacklisted in a trust PKCS 11 module.

       This function can be used with a  url of "pkcs11:", and in that case all modules  will  be  searched.  To
       restrict     the     modules     to     the     marked     as     trusted     in    p11-kit    use    the
       GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.

       Note that the flag GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is specific to p11-kit trust modules.

RETURNS

       If the certificate exists non-zero is returned, otherwise zero.

SINCE

       3.3.0

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2022 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in any medium  without
       royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The  full  documentation  for  gnutls  is  maintained as a Texinfo manual.  If the /usr/share/doc/gnutls/
       directory does not contain the HTML form visit

       http://www.gnutls.org/manual/