author Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-04-08 18:42:01 +0200
committer Nikos Mavrogiannopoulos <nmav@gnutls.org> 2014-04-08 19:35:38 +0200
commit f7ad44f1b587e057070f57ceee521b8eecf060db (patch)
tree d2df86bf2d5d299d3999807233ae10b24b7fbc8c /doc/cha-cert-auth.texi
parent b3ee1e5c22480ae5eb3fde8e4341576de396644e (diff)
download gnutls-f7ad44f1b587e057070f57ceee521b8eecf060db.tar.gz
Added gnutls_certificate_verify_peers4, which will verify, in addition to the hostname, the purpose of the end-certificate.
Diffstat (limited to 'doc/cha-cert-auth.texi')
-rw-r--r-- doc/cha-cert-auth.texi 9
1 files changed, 6 insertions, 3 deletions
diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi
index fcd089cb88..dfd4f8c9ec 100644
--- a/doc/cha-cert-auth.texi
+++ b/doc/cha-cert-auth.texi
@@ -349,10 +349,13 @@ When operating in the context of a TLS session, the trusted certificate
authority list may also be set using:
@showfuncC{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust}
-Then it is not required to setup a trusted list as above.
-The function @funcref{gnutls_certificate_verify_peers3}
-may then be used to verify the peer's certificate chain and identity. The flags
+In that case it is not required to setup a trusted list as above, and
+the function @funcref{gnutls_certificate_verify_peers3}
+may be used to verify the peer's certificate chain and identity. The flags
are set similarly to the verification functions in the previous section.
+Note that in certain cases it is required to check the marked purpose of
+the end certificate (e.g. @code{GNUTLS_KP_TLS_WWW_SERVER}); in these case
+@funcref{gnutls_certificate_verify_peers4} should be used instead.
There is also the possibility to pass some input to the verification
functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt} the
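Review bot: The added note ("in certain cases it is required to check the marked purpose of the end certificate") does not say which cases those are, and the paragraph still presents gnutls_certificate_verify_peers3 as the way to verify "the peer's certificate chain and identity" without stating that it leaves the purpose unchecked. A reader who stays with peers3 cannot tell from this text whether they are affected. Suggest naming the situation directly (for example, when the end certificate's purpose must be GNUTLS_KP_TLS_WWW_SERVER) and saying how the purpose is passed to gnutls_certificate_verify_peers4, since the text names the constant but not the parameter that carries it. Two wording fixes in the added lines: "in these case" should read "in these cases", and "setup a trusted list" should be "set up a trusted list".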