gnutls_certificate_verify_peers3 man page

gnutls_certificate_verify_peers3 — API function


#include <gnutls/gnutls.h>

int gnutls_certificate_verify_peers3(gnutls_session_t session, const char * hostname, unsigned int * status);


gnutls_session_t session

is a gnutls session

const char * hostname

is the expected name of the peer; may be NULL

unsigned int * status

is the output of the verification


This function will verify the peer's certificate and store the status in the  status variable as a bitwise or'd gnutls_certificate_status_t values or zero if the certificate is trusted. Note that value in  status is set only when the return value of this function is success (i.e, failure  to trust a certificate does not imply a negative return value). The default verification flags used by this function can be overridden using gnutls_certificate_set_verify_flags(). See the documentation of gnutls_certificate_verify_peers2() for details in the verification process.

If the  hostname provided is non-NULL then this function will compare the hostname in the certificate against it. The comparison will follow the RFC6125 recommendations. If names do not match the GNUTLS_CERT_UNEXPECTED_OWNER status flag will be set.

In order to verify the purpose of the end-certificate (by checking the extended key usage), use gnutls_certificate_verify_peers().


GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. A sucessful error code means that the  status parameter must be checked to obtain the validation status.



Reporting Bugs

Report bugs to <>.
Home page:

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit


3.5.9 gnutls