1 files changed, 35 insertions, 0 deletions

diff --git a/doc/functions/dane_verify_session_crt b/doc/functions/dane_verify_session_crt
new file mode 100644
index 0000000..5e4deb3
--- /dev/null
+++ b/doc/functions/dane_verify_session_crt
@@ -0,0 +1,35 @@
+
+
+
+
+@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify})
+@var{s}: A DANE state structure (may be NULL)
+
+@var{session}: A gnutls session
+
+@var{hostname}: The hostname associated with the chain
+
+@var{proto}: The protocol of the service connecting (e.g. tcp)
+
+@var{port}: The port of the service connecting (e.g. 443)
+
+@var{sflags}: Flags for the initialization of  @code{s} (if NULL)
+
+@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} .
+
+@var{verify}: An OR'ed list of @code{dane_verify_status_t} .
+
+This function will verify session's certificate chain against the
+CA constrains and/or the certificate available via DANE.
+See @code{dane_verify_crt()}  for more information.
+
+This will not verify the chain for validity; unless the DANE
+verification is restricted to end certificates, this must be
+be performed separately using @code{gnutls_certificate_verify_peers3()} .
+
+@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS}  (0)
+when the DANE entries were successfully parsed, irrespective of
+whether they were verified (see  @code{verify} for that information). If
+no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} 
+will be returned.
+@end deftypefun