Provided by: gnutls-doc_3.7.7-2ubuntu2_all bug

NAME
       gnutls_certificate_verify_peers2 - API function


SYNOPSIS
       #include <gnutls/gnutls.h>

       int gnutls_certificate_verify_peers2(gnutls_session_t session, unsigned int * status);


ARGUMENTS
       gnutls_session_t session
                   is a gnutls session

       unsigned int * status
                   is the output of the verification


DESCRIPTION
       This  function  will  verify  the  peer's  certificate and store the status in the  status
       variable as a bitwise OR of gnutls_certificate_status_t values or zero if the  certificate
       is  trusted. Note that value in  status is set only when the return value of this function
       is success (i.e, failure to trust a certificate does not imply a negative  return  value).
       The   default   verification   flags  used  by  this  function  can  be  overridden  using
       gnutls_certificate_set_verify_flags().

       This function will take into account the stapled OCSP responses sent  by  the  server,  as
       well as the following X.509 certificate extensions: Name Constraints, Key Usage, and Basic
       Constraints (pathlen).

       Note that you must also  check  the  peer's  name  in  order  to  check  if  the  verified
       certificate  belongs  to  the  actual  peer,  see gnutls_x509_crt_check_hostname(), or use
       gnutls_certificate_verify_peers3().

       To avoid denial of service attacks some default upper limits regarding the certificate key
       size and chain size are set. To override them use gnutls_certificate_set_verify_limits().

       Note  that  when  using  raw  public-keys  verification  will not work because there is no
       corresponding certificate body belonging to the raw key that can be verified. In that case
       this function will return GNUTLS_E_INVALID_REQUEST.


RETURNS
       GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise.
       A successful error code means that the  status parameter must be  checked  to  obtain  the
       validation status.


REPORTING BUGS
       Report bugs to <bugs@gnutls.org>.
       Home page: https://www.gnutls.org


COPYRIGHT
       Copyright © 2001- Free Software Foundation, Inc., and others.
       Copying  and distribution of this file, with or without modification, are permitted in any
       medium without royalty provided the copyright notice and this notice are preserved.


SEE ALSO
       The  full  documentation  for  gnutls  is  maintained  as  a  Texinfo  manual.    If   the
       /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       https://www.gnutls.org/manual/