gnutls_ocsp_resp_verify_direct man page

gnutls_ocsp_resp_verify_direct — API function


#include <gnutls/ocsp.h>

int gnutls_ocsp_resp_verify_direct(gnutls_ocsp_resp_t resp, gnutls_x509_crt_t issuer, unsigned int * verify, unsigned int flags);


gnutls_ocsp_resp_t resp
    should contain a gnutls_ocsp_resp_t type
gnutls_x509_crt_t issuer
    certificate believed to have signed the response
unsigned int * verify
    output variable with verification status, a gnutls_ocsp_verify_reason_t
unsigned int flags
    verification flags, 0 for now.


Verify signature of the Basic OCSP Response against the public key in the issuer certificate.

The output verify variable will hold verification status codes (e.g., GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) which are only valid if the function returned GNUTLS_E_SUCCESS.

Note that the function returns GNUTLS_E_SUCCESS even when verification failed. The caller must always inspect the verify variable to find out the verification status.

The flags variable should be 0 for now.


On success, GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
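
The return-value pitfall described above (a 0 return with failure bits set in verify), as an added example that is not part of the GnuTLS documentation. The helper name ocsp_signature_trusted and its message strings are hypothetical, and the enum copies the library's reason flags so the block compiles on its own.

```c
#include <stdio.h>
#include <string.h>

/* Copy of gnutls_ocsp_verify_reason_t; real code includes <gnutls/ocsp.h>. */
enum {
    GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND = 1,
    GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR = 2,
    GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER = 4,
    GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM = 8,
    GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE = 16,
    GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED = 32,
    GNUTLS_OCSP_VERIFY_CERT_EXPIRED = 64
};

static const struct { unsigned int bit; const char *text; } ocsp_reasons[] = {
    { GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND, "signer not found" },
    { GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR, "signer key usage error" },
    { GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER, "untrusted signer" },
    { GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM, "insecure algorithm" },
    { GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE, "signature failure" },
    { GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED, "signer certificate not yet active" },
    { GNUTLS_OCSP_VERIFY_CERT_EXPIRED, "signer certificate expired" }
};

/* Hypothetical helper (not a GnuTLS function) for the results of
 *   ret = gnutls_ocsp_resp_verify_direct(resp, issuer, &verify, 0);
 * Returns 1 only if the call succeeded AND no reason bit is set;
 * why receives a log message and len must be at least 1. */
int ocsp_signature_trusted(int ret, unsigned int verify, char *why, size_t len)
{
    size_t i;
    if (ret != 0) { /* verify is only valid on GNUTLS_E_SUCCESS: ignore it */
        snprintf(why, len, "call failed with error %d", ret);
        return 0;
    }
    if (verify == 0) {
        snprintf(why, len, "signature verified");
        return 1;
    }
    snprintf(why, len, "rejected:");
    for (i = 0; i < sizeof ocsp_reasons / sizeof ocsp_reasons[0]; i++)
        if (verify & ocsp_reasons[i].bit) {
            snprintf(why + strlen(why), len - strlen(why), " [%s]", ocsp_reasons[i].text);
            verify &= ~ocsp_reasons[i].bit;
        }
    if (verify) /* bits unknown to this table still mean rejection */
        snprintf(why + strlen(why), len - strlen(why), " [unknown 0x%x]", verify);
    return 0;
}
```

A trusted signature only authenticates the response; the certificate status carried inside it is read separately.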

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: http://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit



gnutls 3.5.4