blob: cd5858c8fd362c4842cd043e8d2b883cefae988e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
@deftypefun {int} {gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags})
@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type
@var{signer}: the certificate believed to have signed the structure
@var{idx}: the index of the signature info to check
@var{data}: The data to be verified or @code{NULL}
@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags}
This function will verify the provided data against the signature
present in the SignedData of the PKCS @code{7} structure. If the data
provided are NULL then the data in the encapsulatedContent field
will be used instead.
Note that, unlike @code{gnutls_pkcs7_verify()} this function does not
verify the key purpose of the signer. It is expected for the caller
to verify the intended purpose of the @code{signer} -e.g., via @code{gnutls_x509_crt_get_key_purpose_oid()} ,
or @code{gnutls_x509_crt_check_key_purpose()} .
Note also, that since GnuTLS 3.5.6 this function introduces checks in the
end certificate ( @code{signer} ), including time checks and key usage checks.
@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a
negative error value. A verification error results to a
@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data
to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} .
@strong{Since:} 3.4.2
@end deftypefun
|
