gnutls_pkcs7_verify_direct(3) — Linux manual page

gnutls_pkcs7_verify_direct(3)     gnutls    gnutls_pkcs7_verify_direct(3)

NAME         top

       gnutls_pkcs7_verify_direct - API function

SYNOPSIS         top

       #include <gnutls/pkcs7.h>

       int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t pkcs7,
       gnutls_x509_crt_t signer, unsigned idx, const gnutls_datum_t *
       data, unsigned flags);

ARGUMENTS         top

       gnutls_pkcs7_t pkcs7
                   should contain a gnutls_pkcs7_t type

       gnutls_x509_crt_t signer
                   the certificate believed to have signed the structure

       unsigned idx
                   the index of the signature info to check

       const gnutls_datum_t * data
                   The data to be verified or NULL

       unsigned flags
                   Zero or an OR list of gnutls_certificate_verify_flags

DESCRIPTION         top

       This function will verify the provided data against the signature
       present in the SignedData of the PKCS 7 structure. If the data
       provided are NULL then the data in the encapsulatedContent field
       will be used instead.

       Note that, unlike gnutls_pkcs7_verify() this function does not
       verify the key purpose of the signer. It is expected for the
       caller to verify the intended purpose of the signer -e.g., via
       gnutls_x509_crt_get_key_purpose_oid(), or
       gnutls_x509_crt_check_key_purpose().

       Note also, that since GnuTLS 3.5.6 this function introduces checks
       in the end certificate ( signer ), including time checks and key
       usage checks.

RETURNS         top

       On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative
       error value. A verification error results to a
       GNUTLS_E_PK_SIG_VERIFY_FAILED and the lack of encapsulated data to
       verify to a GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.

SINCE         top

       3.4.2

REPORTING BUGS         top

       Report bugs to <[email protected]>.
       Home page: https://www.gnutls.org

COPYRIGHT         top

       Copyright © 2001-2023 Free Software Foundation, Inc., and others.
       Copying and distribution of this file, with or without
       modification, are permitted in any medium without royalty provided
       the copyright notice and this notice are preserved.

SEE ALSO         top

       The full documentation for gnutls is maintained as a Texinfo
       manual.  If the /usr/share/doc/gnutls/ directory does not contain
       the HTML form visit

       https://www.gnutls.org/manual/

COLOPHON         top

       This page is part of the GnuTLS (GnuTLS Transport Layer Security
       Library) project.  Information about the project can be found at
       ⟨http://www.gnutls.org/⟩.  If you have a bug report for this
       manual page, send it to [email protected].  This page was obtained
       from the tarball fetched from
       ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11.  If you
       discover any rendering problems in this HTML version of the page,
       or you believe there is a better or more up-to-date source for the
       page, or you have corrections or improvements to the information
       in this COLOPHON (which is not part of the original manual page),
       send a mail to [email protected]

gnutls                            3.8.10    gnutls_pkcs7_verify_direct(3)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. For details of in-depth Linux/UNIX system programming training courses that I teach, look here. Hosting by jambit GmbH.