author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /doc/functions/gnutls_x509_crt_check_hostname2 | |
parent | Initial commit. (diff) | |
Adding upstream version 3.7.9. [upstream/3.7.9] [upstream]
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/functions/gnutls_x509_crt_check_hostname2')
-rw-r--r-- | doc/functions/gnutls_x509_crt_check_hostname2 | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/functions/gnutls_x509_crt_check_hostname2 b/doc/functions/gnutls_x509_crt_check_hostname2 new file mode 100644 index 0000000..ffac35b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_hostname2 @@ -0,0 +1,38 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags}) +@var{cert}: should contain an gnutls_x509_crt_t type + +@var{hostname}: A null terminated string that contains a DNS name + +@var{flags}: gnutls_certificate_verify_flags + +This function will check if the given certificate's subject matches +the given hostname. This is a basic implementation of the matching +described in RFC6125, and takes into account wildcards, +and the DNSName/IPAddress subject alternative name PKIX extension. + +IPv4 addresses are accepted by this function in the dotted-decimal +format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal +x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative +name extension is consulted. Previous versions to 3.6.0 of GnuTLS +in case of a non-match would consult (in a non-standard extension) +the DNSname and CN fields. This is no longer the case. + +When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS} is specified no +wildcards are considered. Otherwise they are only considered if the +domain name consists of three components or more, and the wildcard +starts at the leftmost position. +When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} is specified, +the input will be treated as a DNS name, and matching of textual IP addresses +against the IPAddress part of the alternative name will not be allowed. + +The function @code{gnutls_x509_crt_check_ip()} is available for matching +IP addresses. + +@strong{Returns:} non-zero for a successful match, and zero on failure. + +@strong{Since:} 3.3.0 +@end deftypefun |
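Review bot: The opening description ("This function will check if the given certificate's subject matches the given hostname") never says whether the subject CN is consulted for a DNS hostname when DNSName alternative names are present. The 3.6.0 note only covers the textual IP address case, so a sentence stating the CN behaviour for DNS names would let callers know exactly what a non-zero return asserts. The Returns line should also say whether zero covers internal errors as well as a non-match, since the unsigned return gives callers no way to tell them apart. In the flags text, the GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS paragraph runs straight into the GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES sentence with no blank line, so the two flags render as one paragraph; separate them. Wording nits: "should contain an gnutls_x509_crt_t type" should read "a gnutls_x509_crt_t", "e.g," is missing its second period, and "Previous versions to 3.6.0 of GnuTLS" reads better as "Versions of GnuTLS before 3.6.0".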