Manpages - gnutls_pkcs7_verify_direct.3

gnutls_pkcs7_verify_direct - API function

#include <gnutls/pkcs7.h>

int gnutls_pkcs7_verify_direct(gnutls_pkcs7_t */pkcs7/, gnutls_x509_crt_t signer, unsigned idx, const gnutls_datum_t * data, unsigned flags);*

gnutls_pkcs7_t pkcs7

should contain a gnutls_pkcs7_t type

gnutls_x509_crt_t signer

the certificate believed to have signed the structure

unsigned idx

the index of the signature info to check

const gnutls_datum_t * data

The data to be verified or NULL

unsigned flags

Zero or an OR list of gnutls_certificate_verify_flags

This function will verify the provided data against the signature present in the SignedData of the PKCS 7 structure. If the data provided are NULL then the data in the encapsulatedContent field will be used instead.

Note that, unlike gnutls_pkcs7_verify() this function does not verify the key purpose of the signer. It is expected for the caller to verify the intended purpose of the signer -e.g., via gnutls_x509_crt_get_key_purpose_oid(), or gnutls_x509_crt_check_key_purpose().

Note also, that since GnuTLS 3.5.6 this function introduces checks in the end certificate ( signer ), including time checks and key usage checks.

On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value. A verification error results to a GNUTLS_E_PK_SIG_VERIFY_FAILED and the lack of encapsulated data to verify to a GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.

3.4.2

Report bugs to <bugs@gnutls.org>.
Home page: https://www.gnutls.org

Copyright © 2001- Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.

The full documentation for gnutls is maintained as a Texinfo manual. If the usr/share/doc/gnutls directory does not contain the HTML form visit

https://www.gnutls.org/manual/