.\" DO NOT MODIFY THIS FILE! It was generated by gdoc. .TH "gnutls_certificate_verify_peers2" 3 "2.4.2" "gnutls" "gnutls" .SH NAME gnutls_certificate_verify_peers2 \- return the peer's certificate verification status .SH SYNOPSIS .B #include .sp .BI "int gnutls_certificate_verify_peers2(gnutls_session_t " session ", unsigned int * " status ");" .SH ARGUMENTS .IP "gnutls_session_t session" 12 is a gnutls session .IP "unsigned int * status" 12 is the output of the verification .SH "DESCRIPTION" This function will try to verify the peer's certificate and return its status (trusted, invalid etc.). The value of \fIstatus\fP should be one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. To avoid denial of service attacks some default upper limits regarding the certificate key size and chain size are set. To override them use \fBgnutls_certificate_set_verify_limits()\fP. Note that you must also check the peer's name in order to check if the verified certificate belongs to the actual peer. This is the same as \fBgnutls_x509_crt_list_verify()\fP and uses the loaded CAs in the credentials as trusted CAs. Note that some commonly used X.509 Certificate Authorities are still using Version 1 certificates. If you want to accept them, you need to call \fBgnutls_certificate_set_verify_flags()\fP with, e.g., \fBGNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT\fP parameter. .SH "RETURNS" a negative error code on error and zero on success. .SH "REPORTING BUGS" Report bugs to . .SH COPYRIGHT Copyright \(co 2008 Free Software Foundation. .br Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. .SH "SEE ALSO" The full documentation for .B gnutls is maintained as a Texinfo manual. If the .B info and .B gnutls programs are properly installed at your site, the command .IP .B info gnutls .PP should give you access to the complete manual.