Method

GioTlsCertificateverify

since: 2.28

Declaration [src]

GTlsCertificateFlags
g_tls_certificate_verify (
  GTlsCertificate* cert,
  GSocketConnectable* identity,
  GTlsCertificate* trusted_ca
)

Description [src]

This verifies cert and returns a set of GTlsCertificateFlags indicating any problems found with it. This can be used to verify a certificate outside the context of making a connection, or to check a certificate against a CA that is not part of the system CA database.

If cert is valid, G_TLS_CERTIFICATE_NO_FLAGS is returned.

If identity is not NULL, certs name(s) will be compared against it, and G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the return value if it does not match. If identity is NULL, that bit will never be set in the return value.

If trusted_ca is not NULL, then cert (or one of the certificates in its chain) must be signed by it, or else G_TLS_CERTIFICATE_UNKNOWN_CA will be set in the return value. If trusted_ca is NULL, that bit will never be set in the return value.

GLib guarantees that if certificate verification fails, at least one error will be set in the return value, but it does not guarantee that all possible errors will be set. Accordingly, you may not safely decide to ignore any particular type of error. For example, it would be incorrect to mask G_TLS_CERTIFICATE_EXPIRED if you want to allow expired certificates, because this could potentially be the only error flag set even if other problems exist with the certificate.

Because TLS session context is not used, GTlsCertificate may not perform as many checks on the certificates as GTlsConnection would. For example, certificate constraints may not be honored, and revocation checks may not be performed. The best way to verify TLS certificates used by a TLS connection is to let GTlsConnection handle the verification.

Available since: 2.28

Parameters

identity

Type: GSocketConnectable

The expected peer identity.

The argument can be NULL.
The data is owned by the caller of the method.
trusted_ca

Type: GTlsCertificate

The certificate of a trusted authority.

The argument can be NULL.
The data is owned by the caller of the method.

Return value

Type: GTlsCertificateFlags

The appropriate GTlsCertificateFlags.