From 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 09:33:12 +0200 Subject: Adding upstream version 3.7.9. Signed-off-by: Daniel Baumann --- doc/functions/gnutls_ocsp_resp_verify | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 doc/functions/gnutls_ocsp_resp_verify (limited to 'doc/functions/gnutls_ocsp_resp_verify') diff --git a/doc/functions/gnutls_ocsp_resp_verify b/doc/functions/gnutls_ocsp_resp_verify new file mode 100644 index 0000000..5acc96b --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_verify 
@@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_const_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type + +@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t} + +@var{flags}: verification flags from @code{gnutls_certificate_verify_flags} + +Verify signature of the Basic OCSP Response against the public key +in the certificate of a trusted signer. The @code{trustlist} should be +populated with trust anchors. The function will extract the signer +certificate from the Basic OCSP Response and will verify it against +the @code{trustlist} . A trusted signer is a certificate that is either +in @code{trustlist} , or it is signed directly by a certificate in + @code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit +set. + +The output @code{verify} variable will hold verification status codes +(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} , +@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the +function returned @code{GNUTLS_E_SUCCESS} . + +Note that the function returns @code{GNUTLS_E_SUCCESS} even when +verification failed. The caller must always inspect the @code{verify} variable to find out the verification status. + +The @code{flags} variable should be 0 for now. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun -- cgit v1.2.3
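Review bot: The @strong{Returns:} paragraph at the end of the hunk says only "On success, GNUTLS_E_SUCCESS (0) is returned", which a caller reading just the return contract can take to mean "the response verified", while the note two paragraphs earlier says the function returns GNUTLS_E_SUCCESS even when verification failed. Suggest repeating in the Returns text that a zero return only means the check was carried out and that the outcome is in @var{verify}, and stating which value of @var{verify} denotes a trusted response, since the text names only failure codes (GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM). Separately, the @var{flags} entry describes "verification flags from gnutls_certificate_verify_flags" while the body says flags "should be 0 for now"; the two should agree, and the text should say what a non-zero value does. Style: the four empty added lines before @deftypefun and the space before the period in "@code{trustlist} ." could be dropped, and "an @code{gnutls_ocsp_verify_reason_t}" should read "a".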