Method
GioTlsCertificateverify
since: 2.28
Declaration [src]
GTlsCertificateFlags
g_tls_certificate_verify (
GTlsCertificate* cert,
GSocketConnectable* identity,
GTlsCertificate* trusted_ca
)
Description [src]
This verifies cert
and returns a set of GTlsCertificateFlags
indicating any problems found with it. This can be used to verify a
certificate outside the context of making a connection, or to
check a certificate against a CA that is not part of the system
CA database.
If cert
is valid, G_TLS_CERTIFICATE_NO_FLAGS
is returned.
If identity
is not NULL
, cert
‘s name(s) will be compared against
it, and G_TLS_CERTIFICATE_BAD_IDENTITY
will be set in the return
value if it does not match. If identity
is NULL
, that bit will
never be set in the return value.
If trusted_ca
is not NULL
, then cert
(or one of the certificates
in its chain) must be signed by it, or else
G_TLS_CERTIFICATE_UNKNOWN_CA
will be set in the return value. If
trusted_ca
is NULL
, that bit will never be set in the return value.
GLib guarantees that if certificate verification fails, at least one
error will be set in the return value, but it does not guarantee
that all possible errors will be set. Accordingly, you may not safely
decide to ignore any particular type of error. For example, it would
be incorrect to mask G_TLS_CERTIFICATE_EXPIRED
if you want to allow
expired certificates, because this could potentially be the only
error flag set even if other problems exist with the certificate.
Because TLS session context is not used, GTlsCertificate
may not
perform as many checks on the certificates as GTlsConnection
would.
For example, certificate constraints may not be honored, and
revocation checks may not be performed. The best way to verify TLS
certificates used by a TLS connection is to let GTlsConnection
handle the verification.
Available since: 2.28
Parameters
identity
-
Type:
GSocketConnectable
The expected peer identity.
The argument can be NULL
.The data is owned by the caller of the method. trusted_ca
-
Type:
GTlsCertificate
The certificate of a trusted authority.
The argument can be NULL
.The data is owned by the caller of the method.
Return value
Type: GTlsCertificateFlags
The appropriate GTlsCertificateFlags
.