gnutls_pkcs11_crt_is_known man page

gnutls_pkcs11_crt_is_known — API function

Synopsis

#include <gnutls/pkcs11.h>

unsigned gnutls_pkcs11_crt_is_known(const char * url, gnutls_x509_crt_t cert, unsigned int flags);

Arguments

const char * url
A PKCS 11 url identifying a token
gnutls_x509_crt_t cert
is the certificate to find issuer for
unsigned int flags
Use zero or flags from GNUTLS_PKCS11_OBJ_FLAG.

Description

This function will check whether the provided certificate is stored in the specified token. This is useful in combination with GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED or GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED, to check whether a CA is present or a certificate is blacklisted in a trust PKCS 11 module.

This function can be used with a url of "pkcs11:", and in that case all modules will be searched. To restrict the modules to the marked as trusted in p11-kit use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE flag.

Note that the flag GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is specific to p11-kit trust modules.

Returns

If the certificate exists non-zero is returned, otherwise zero.

Since

3.3.0

Reporting Bugs

Report bugs to <bugs@gnutls.org>.
Home page: http://www.gnutls.org

See Also

The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit

http://www.gnutls.org/manual/

Info

3.5.5 gnutls gnutls