man7.org > Linux > man-pages

Linux/UNIX system programming training

gnutls_ocsp_resp_verify(3) — Linux manual page

NAME | SYNOPSIS | ARGUMENTS | DESCRIPTION | RETURNS | REPORTING BUGS | COPYRIGHT | SEE ALSO | COLOPHON 

gnutls_ocsp_resp_verify(3)        gnutls       gnutls_ocsp_resp_verify(3)

NAME         top

       gnutls_ocsp_resp_verify - API function

SYNOPSIS         top

       #include <gnutls/ocsp.h>

       int gnutls_ocsp_resp_verify(gnutls_ocsp_resp_const_t resp,
       gnutls_x509_trust_list_t trustlist, unsigned int * verify,
       unsigned int flags);

ARGUMENTS         top

       gnutls_ocsp_resp_const_t resp
                   should contain a gnutls_ocsp_resp_t type

       gnutls_x509_trust_list_t trustlist
                   trust anchors as a gnutls_x509_trust_list_t type

       unsigned int * verify
                   output variable with verification status, an
                   gnutls_ocsp_verify_reason_t

       unsigned int flags
                   verification flags from
                   gnutls_certificate_verify_flags

DESCRIPTION         top

       Verify signature of the Basic OCSP Response against the public key
       in the certificate of a trusted signer.  The  trustlist should be
       populated with trust anchors.  The function will extract the
       signer certificate from the Basic OCSP Response and will verify it
       against the  trustlist .  A trusted signer is a certificate that
       is either in  trustlist , or it is signed directly by a
       certificate in
        trustlist and has the id-ad-ocspSigning Extended Key Usage bit
       set.

       The output  verify variable will hold verification status codes
       (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND,
       GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the
       function returned GNUTLS_E_SUCCESS.

       Note that the function returns GNUTLS_E_SUCCESS even when
       verification failed.  The caller must always inspect the  verify
       variable to find out the verification status.

       The  flags variable should be 0 for now.

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative
       error value.

REPORTING BUGS         top

       Report bugs to <[email protected]>.
       Home page: https://www.gnutls.org

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty provided
       the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

       https://www.gnutls.org/manual/

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨http://www.gnutls.org/⟩.  If you have a bug report for this
       manual page, send it to [email protected].  This page was obtained
       from the tarball fetched from
       ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for the
       page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to [email protected]

gnutls                            3.8.10       gnutls_ocsp_resp_verify(3)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface.

For details of in-depth Linux/UNIX system programming training courses that I teach, look here.

Hosting by jambit GmbH.

Cover of TLPI