dane_verify_session_crt man page

dane_verify_session_crt — API function


#include <gnutls/dane.h>

int dane_verify_session_crt(dane_state_t s, gnutls_session_t session, const char * hostname, const char * proto, unsigned int port, unsigned int sflags, unsigned int vflags, unsigned int * verify);


dane_state_t s
A DANE state structure (may be NULL)
gnutls_session_t session
A gnutls session
const char * hostname
The hostname associated with the chain
const char * proto
The protocol of the service connecting (e.g. tcp)
unsigned int port
The port of the service connecting (e.g. 443)
unsigned int sflags
Flags for the initialization of s (if NULL)
unsigned int vflags
Verification flags; an OR'ed list of dane_verify_flags_t.
unsigned int * verify
An OR'ed list of dane_verify_status_t.


This function will verify session's certificate chain against the CA constrains and/or the certificate available via DANE. See dane_verify_crt() for more information.

This will not verify the chain for validity; unless the DANE verification is restricted to end certificates, this must be be performed separately using gnutls_certificate_verify_peers3().


a negative error code on error and DANE_E_SUCCESS (0) when the DANE entries were successfully parsed, irrespective of whether they were verified (see verify for that information). If no usable entries were encountered DANE_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: http://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit



gnutls 3.5.4