[gnutls-help] Decoding the status parameter in gnutls_certificate_verify_peers2

Wouter Verhelst w at uter.be
Sun Apr 23 20:51:45 CEST 2017


gnutls_certificate_verify_peers2 is documented to have two parameters; a
gnutls_session_t and an unsigned int *status. The info page has these
two things to say about that status parameter:

    STATUS: is the output of the verification


   *Returns:* 'GNUTLS_E_SUCCESS' (0) when the validation is performed,
    or a negative error code otherwise.  A sucessful error code means
    that the 'status' parameter must be checked to obtain the
    validation status.

Unfortunately, it does not explain *how* one must check the "status"
parameter. I originally believed that the contents of the "status"
parameter should be 0, but now suddenly my test suite starts to fail
because status has changed to something else, and I can't figure out
what it means.

As such, I have two questions:
- What do I need to do to decode the "status" parameter?
- Why is this not documented in the documentation for verify_peers2 (and
  likewise, for verify_peers and verify_peers3)?


< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12

More information about the Gnutls-help mailing list