NAME

       gnutls_pkcs11_crt_is_known - API function

SYNOPSIS

       #include <gnutls/pkcs11.h>

       int  gnutls_pkcs11_crt_is_known(const  char  *  url,  gnutls_x509_crt_t cert, unsigned int
       flags);

ARGUMENTS

       const char * url
                   A PKCS 11 url identifying a token

       gnutls_x509_crt_t cert
                   is the certificate to find issuer for

       unsigned int flags
                   Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.

DESCRIPTION

       This function will check whether the provided  certificate  is  stored  in  the  specified
       token.  This  is  useful  in  combination  with GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or
       GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED,  to  check  whether  a  CA  is  present  or  a
       certificate is blacklisted in a trust PKCS 11 module.

       This  function  can be used with a  url of "pkcs11:", and in that case all modules will be
       searched.  To  restrict  the  modules  to  the  marked  as  trusted  in  p11-kit  use  the
       GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.

       Note that the flag GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is specific to p11-kit trust
       modules.

RETURNS

       If the certificate exists non-zero is returned, otherwise zero.

SINCE

       3.3.0

REPORTING BUGS

       Report bugs to <bugs@gnutls.org>.
       Home page: http://www.gnutls.org

COPYRIGHT

       Copyright © 2001-2021 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without modification, are permitted in  any
       medium without royalty provided the copyright notice and this notice are preserved.

SEE ALSO

       The   full   documentation  for  gnutls  is  maintained  as  a  Texinfo  manual.   If  the
       /usr/share/doc/gnutls/ directory does not contain the HTML form visit

       http://www.gnutls.org/manual/