[gnutls-help] Decoding the status parameter in gnutls_certificate_verify_peers2
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Apr 24 13:29:05 CEST 2017
On Sun, Apr 23, 2017 at 8:51 PM, Wouter Verhelst <w at uter.be> wrote:
> Hi,
>
> gnutls_certificate_verify_peers2 is documented to have two parameters; a
> gnutls_session_t and an unsigned int *status. The info page has these
> two things to say about that status parameter:
>
> STATUS: is the output of the verification
>
> and
>
> *Returns:* 'GNUTLS_E_SUCCESS' (0) when the validation is performed,
> or a negative error code otherwise. A sucessful error code means
> that the 'status' parameter must be checked to obtain the
> validation status.
>
> Unfortunately, it does not explain *how* one must check the "status"
> parameter. I originally believed that the contents of the "status"
> parameter should be 0, but now suddenly my test suite starts to fail
> because status has changed to something else, and I can't figure out
> what it means.
In my system with gnutls 3.5.11 the manpage mentions:
"This function will verify the peer's certificate and store the
status in the status variable
as a bitwise or'd gnutls_certificate_status_t values or zero if the
certificate is trusted."
Does this answer your question?
regards,
Nikos
More information about the Gnutls-help
mailing list