[gnutls-help] Decoding the status parameter in gnutls_certificate_verify_peers2

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Apr 24 13:29:05 CEST 2017


On Sun, Apr 23, 2017 at 8:51 PM, Wouter Verhelst <w at uter.be> wrote:
> Hi,
>
> gnutls_certificate_verify_peers2 is documented to have two parameters; a
> gnutls_session_t and an unsigned int *status. The info page has these
> two things to say about that status parameter:
>
>     STATUS: is the output of the verification
>
> and
>
>    *Returns:* 'GNUTLS_E_SUCCESS' (0) when the validation is performed,
>     or a negative error code otherwise.  A successful error code means
>     that the 'status' parameter must be checked to obtain the
>     validation status.
>
> Unfortunately, it does not explain *how* one must check the "status"
> parameter. I originally believed that the contents of the "status"
> parameter should be 0, but now suddenly my test suite starts to fail
> because status has changed to something else, and I can't figure out
> what it means.

In my system with gnutls 3.5.11 the manpage mentions:
"This function will verify the peer's certificate and store the
status in the status variable as a bitwise or'd
gnutls_certificate_status_t values or zero if the certificate is
trusted."

Does this answer your question?

regards,
Nikos


