since: 2.30


g_tls_database_lookup_certificate_issuer (
  GTlsDatabase* self,
  GTlsCertificate* certificate,
  GTlsInteraction* interaction,
  GTlsDatabaseLookupFlags flags,
  GCancellable* cancellable,
  GError** error


Look up the issuer of certificate in the database. The GTlsCertificate:issuer property of certificate is not modified, and the two certificates are not hooked into a chain.

This function can block. Use g_tls_database_lookup_certificate_issuer_async() to perform the lookup operation asynchronously.

Beware this function cannot be used to build certification paths. The issuer certificate returned by this function may not be the same as the certificate that would actually be used to construct a valid certification path during certificate verification. RFC 4158 explains why an issuer certificate cannot be naively assumed to be part of the the certification path (though GLib’s TLS backends may not follow the path building strategies outlined in this RFC). Due to the complexity of certification path building, GLib does not provide any way to know which certification path will actually be used when verifying a TLS certificate. Accordingly, this function cannot be used to make security-related decisions. Only GLib itself should make security decisions about TLS certificates.

Available since: 2.30



Type: GTlsCertificate

A GTlsCertificate.

The data is owned by the caller of the function.

Type: GTlsInteraction

Used to interact with the user if necessary.

The argument can be NULL.
The data is owned by the caller of the function.

Type: GTlsDatabaseLookupFlags

Flags which affect the lookup operation.


Type: GCancellable

A GCancellable, or NULL.

The argument can be NULL.
The data is owned by the caller of the function.

Type: GError **

The return location for a recoverable error.

The argument can be NULL.
If the return location is not NULL, then you must initialize it to a NULL GError*.
The argument will left initialized to NULL by the method if there are no errors.
In case of error, the argument will be set to a newly allocated GError; the caller will take ownership of the data, and be responsible for freeing it.

Return value

Type: GTlsCertificate

A newly allocated issuer GTlsCertificate, or NULL. Use g_object_unref() to release the certificate.

The caller of the method takes ownership of the data, and is responsible for freeing it.