author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 07:33:12 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-28 07:33:12 +0000
commit: 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch)
tree: 6c68e0c0097987aff85a01dabddd34b862309a7c /doc/functions/gnutls_ocsp_resp_verify
parent: Initial commit.
Adding upstream version 3.7.9.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/functions/gnutls_ocsp_resp_verify')
-rw-r--r-- doc/functions/gnutls_ocsp_resp_verify 35
1 files changed, 35 insertions, 0 deletions
diff --git a/doc/functions/gnutls_ocsp_resp_verify b/doc/functions/gnutls_ocsp_resp_verify
new file mode 100644
index 0000000..5acc96b
--- /dev/null
+++ b/doc/functions/gnutls_ocsp_resp_verify
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags})
+@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type
+
+@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type
+
+@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t}
+
+@var{flags}: verification flags from @code{gnutls_certificate_verify_flags}
+
+Verify signature of the Basic OCSP Response against the public key
+in the certificate of a trusted signer. The @code{trustlist} should be
+populated with trust anchors. The function will extract the signer
+certificate from the Basic OCSP Response and will verify it against
+the @code{trustlist} . A trusted signer is a certificate that is either
+in @code{trustlist} , or it is signed directly by a certificate in
+ @code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit
+set.
+
+The output @code{verify} variable will hold verification status codes
+(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} ,
+@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the
+function returned @code{GNUTLS_E_SUCCESS} .
+
+Note that the function returns @code{GNUTLS_E_SUCCESS} even when
+verification failed. The caller must always inspect the @code{verify} variable to find out the verification status.
+
+The @code{flags} variable should be 0 for now.
+
+@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
+negative error value.
+@end deftypefun
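Review bot: the closing @strong{Returns:} paragraph says "On success, GNUTLS_E_SUCCESS (0) is returned", which a caller can read as "the response verified", while the note two paragraphs above it says the function returns GNUTLS_E_SUCCESS even when verification failed. Suggest wording the Returns text so it says the return value only reports that the check could be carried out and that the outcome is in @var{verify}, and stating in the @var{verify} description which value means the response verified, since the text only names failure codes (GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM). Smaller points: the @var{flags} line refers to gnutls_certificate_verify_flags while a later paragraph says flags should be 0 for now, so one of the two should explain the other; the new file begins with four empty lines; "an @code{gnutls_ocsp_verify_reason_t}" should read "a"; and there are stray spaces before the punctuation that follows @code{trustlist} and the two status-code names.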