summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-03-14 14:06:01 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-03-14 14:06:37 +0100
commit2995b1ed747d89285414975003fb286fa2edf545 (patch)
tree64cf21d70eb5f7c7a56b9c47535f9a9f6775bcf2 /lib
parent7f28046c86868d160c456ffd7c6aea5637bb7def (diff)
downloadgnutls-2995b1ed747d89285414975003fb286fa2edf545.tar.gz
doc: updated text for gnutls_ocsp_status_request_is_checked()
Relates #75
Diffstat (limited to 'lib')
-rw-r--r--lib/ext/status_request.c22
1 files changed, 14 insertions, 8 deletions
diff --git a/lib/ext/status_request.c b/lib/ext/status_request.c
index b68257a587..4497401098 100644
--- a/lib/ext/status_request.c
+++ b/lib/ext/status_request.c
@@ -1,5 +1,6 @@
/*
- * Copyright (C) 2012 Free Software Foundation, Inc.
+ * Copyright (C) 2012-2016 Free Software Foundation, Inc.
+ * Copyright (C) 2016 Red Hat, Inc.
*
* Author: Simon Josefsson, Nikos Mavrogiannopoulos
*
@@ -650,18 +651,23 @@ int _gnutls_recv_server_certificate_status(gnutls_session_t session)
* @session: is a gnutls session
* @flags: should be zero or %GNUTLS_OCSP_SR_IS_AVAIL
*
- * Check whether an OCSP status response was included in the handshake
- * and whether it was checked and valid (not too old or superseded).
+ * When flags are zero this function returns non-zero if a valid OCSP status
+ * response was included in the TLS handshake. That is, an OCSP status response
+ * which is not too old or superseded. It returns zero otherwise.
+ *
+ * When the flag %GNUTLS_OCSP_SR_IS_AVAIL is specified, the function
+ * returns non-zero if an OCSP status response was included in the handshake
+ * even if it was invalid. Otherwise, if no OCSP status response was included,
+ * it returns zero. The %GNUTLS_OCSP_SR_IS_AVAIL flag was introduced in GnuTLS 3.4.0.
+ *
* This is a helper function when needing to decide whether to perform an
- * OCSP validity check on the peer's certificate. Should be called after
+ * explicit OCSP validity check on the peer's certificate. Should be called after
* any of gnutls_certificate_verify_peers*() are called.
*
- * If the flag %GNUTLS_OCSP_SR_IS_AVAIL is specified, the return
- * value of the function indicates whether an OCSP status response has
- * been received (even if invalid). The flag was introduced in GnuTLS 3.4.0.
- *
* Returns: non zero if the response was valid, or a zero if it wasn't sent,
* or sent and was invalid.
+ *
+ * Since: 3.1.4
**/
int
gnutls_ocsp_status_request_is_checked(gnutls_session_t session,