On 2017-04-24 Wouter Verhelst <[email protected]> wrote:
> On Mon, Apr 24, 2017 at 01:29:05PM +0200, Nikos Mavrogiannopoulos wrote:
[...]
> > Does this answer your question?

> It does, thank you. Of course, it does not explain why the info page
> does not document this -- should I open a bug report for that?

Hello,
what version of GnuTLS are you using? I have just checked Debian's
gnutls-doc package version 3.5.8-5 and the info documentation seems to
be complete:

|gnutls_certificate_verify_peers2
|--------------------------------
|
| -- Function: int gnutls_certificate_verify_peers2 (gnutls_session_t
|          SESSION, unsigned int * STATUS)
|     SESSION: is a gnutls session
|
|     STATUS: is the output of the verification
|
|     This function will verify the peer's certificate and store the
|     status in the 'status' variable as a bitwise or'd
|     gnutls_certificate_status_t values or zero if the certificate is
|     trusted.  Note that value in 'status' is set only when the return
|     value of this function is success (i.e, failure to trust a
|     certificate does not imply a negative return value).  The default
|     verification flags used by this function can be overridden using
|     'gnutls_certificate_set_verify_flags()' .
|
|     This function will take into account the OCSP Certificate Status
|     TLS extension, as well as the following X.509 certificate
|     extensions: Name Constraints, Key Usage, and Basic Constraints
|     (pathlen).
|
|     To avoid denial of service attacks some default upper limits
|     regarding the certificate key size and chain size are set.  To
|     override them use 'gnutls_certificate_set_verify_limits()' .
|
|     Note that you must also check the peer's name in order to check if
|     the verified certificate belongs to the actual peer, see
|     'gnutls_x509_crt_check_hostname()' , or use
|     'gnutls_certificate_verify_peers3()' .
|
|     *Returns:* 'GNUTLS_E_SUCCESS' (0) when the validation is performed,
|     or a negative error code otherwise.  A sucessful error code means
|     that the 'status' parameter must be checked to obtain the
|     validation status.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
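The return-value/status distinction in the documentation quoted above, as an added example that is not part of the original message or of GnuTLS. `check_peer`, `verify_fn`, `return_code_only_accepts` and the `fake_*` functions are hypothetical names; the callback stands in for `gnutls_certificate_verify_peers2` so the block runs without the library, and the return and status values fed to it are constructed.

```c
#include <stdio.h>

/* Assumption: a callback shaped like gnutls_certificate_verify_peers2(session,
 * &status). In real code this would be a thin wrapper around that call. */
typedef int (*verify_fn)(void *session, unsigned int *status);

enum peer_verdict {
    PEER_TRUSTED = 0,      /* validation ran and status == 0 */
    PEER_UNTRUSTED = 1,    /* validation ran, status has failure bits set */
    PEER_VERIFY_ERROR = 2  /* validation did not run; status is meaningless */
};

/* Two-stage check: a negative return means verification could not be
 * performed; a zero return only means 'status' is now valid and must be read.
 * This covers the chain status only; the peer's name still has to be checked
 * (the quoted docs point to gnutls_certificate_verify_peers3 for that). */
enum peer_verdict check_peer(verify_fn verify, void *session, unsigned int *status_out)
{
    unsigned int status = ~0u;           /* fail closed if never written */
    int ret = verify(session, &status);

    if (ret < 0) {
        *status_out = ~0u;               /* never expose an unset status as 0 */
        return PEER_VERIFY_ERROR;
    }
    *status_out = status;
    return status == 0 ? PEER_TRUSTED : PEER_UNTRUSTED;
}

/* The mistake the docs warn about: "validation performed" read as "trusted". */
int return_code_only_accepts(verify_fn verify, void *session)
{
    unsigned int status = 0;
    return verify(session, &status) == 0;
}

/* Constructed stand-ins for the three outcomes the documentation describes. */
static int fake_trusted(void *s, unsigned int *st)   { (void)s; *st = 0;    return 0; }
static int fake_untrusted(void *s, unsigned int *st) { (void)s; *st = 0x2u; return 0; }
static int fake_error(void *s, unsigned int *st)     { (void)s; (void)st;   return -1; }

int main(void)
{
    unsigned int st;
    enum peer_verdict v = check_peer(fake_untrusted, NULL, &st);
    printf("two-stage check: verdict=%d status=0x%x\n", (int)v, st);
    printf("return-code-only check accepts same peer: %d\n",
           return_code_only_accepts(fake_untrusted, NULL));
    printf("trusted=%d error=%d\n", (int)check_peer(fake_trusted, NULL, &st),
           (int)check_peer(fake_error, NULL, &st));
    return 0;
}
```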
