int gnutls_x509_crt_get_name_constraints(gnutls_x509_crt_t crt, gnutls_x509_name_constraints_t nc, unsigned int flags, unsigned int * critical);
- gnutls_x509_crt_t crt
should contain a gnutls_x509_crt_t type
- gnutls_x509_name_constraints_t nc
The nameconstraints intermediate type
- unsigned int flags
zero or GNUTLS_EXT_FLAG_APPEND
- unsigned int * critical
the extension status
This function will return an intermediate type containing the name constraints of the provided CA certificate. That structure can be used in combination with gnutls_x509_name_constraints_check() to verify whether a server's name is in accordance with the constraints.
When the flags is set to GNUTLS_EXT_FLAG_APPEND, then if the nc structure is empty this function will behave identically as if the flag was not set. Otherwise if there are elements in the nc structure then the constraints will be merged with the existing constraints following RFC5280 p6.1.4 (excluded constraints will be appended, permitted will be intersected).
Note that nc must be initialized prior to calling this function.
On success, GNUTLS_E_SUCCESS (0) is returned, GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if the extension is not present, otherwise a negative error value.
Report bugs to <firstname.lastname@example.org>.
Home page: https://www.gnutls.org
Copyright © 2001- Free Software Foundation, Inc., and others.
Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
The full documentation for gnutls is maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visit