[gnutls-help] Decoding the status parameter in gnutls_certificate_verify_peers2
w at uter.be
Mon Apr 24 18:28:32 CEST 2017
On Mon, Apr 24, 2017 at 01:29:05PM +0200, Nikos Mavrogiannopoulos wrote:
> On Sun, Apr 23, 2017 at 8:51 PM, Wouter Verhelst <w at uter.be> wrote:
> > Hi,
> > gnutls_certificate_verify_peers2 is documented to have two parameters; a
> > gnutls_session_t and an unsigned int *status. The info page has these
> > two things to say about that status parameter:
> > STATUS: is the output of the verification
> > and
> > *Returns:* 'GNUTLS_E_SUCCESS' (0) when the validation is performed,
> > or a negative error code otherwise. A sucessful error code means
> > that the 'status' parameter must be checked to obtain the
> > validation status.
> > Unfortunately, it does not explain *how* one must check the "status"
> > parameter. I originally believed that the contents of the "status"
> > parameter should be 0, but now suddenly my test suite starts to fail
> > because status has changed to something else, and I can't figure out
> > what it means.
> In my system with gnutls 3.5.11 the manpage mentions:
> "This function will verify the peer's certificate and store the
> status in the status variable
> as a bitwise or'd gnutls_certificate_status_t values or zero if the
> certificate is trusted."
> Does this answer your question?
It does, thank you. Of course, it does not explain why the info page
does not document this -- should I open a bug report for that?
(in case you were wondering, it turned out the test suite's certificate,
which is committed into the repository to avoid having to generate a new
one every time the test suite runs, has now expired; I simply need to
generate a new one)
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
More information about the Gnutls-help