TlsDatabase.verifyChain

Determines the validity of a certificate chain after looking up and adding any missing certificates to the chain.

@chain is a chain of #GTlsCertificate objects each pointing to the next certificate in the chain by its #GTlsCertificate:issuer property. The chain may initially consist of one or more certificates. After the verification process is complete, @chain may be modified by adding missing certificates, or removing extra certificates. If a certificate anchor was found, then it is added to the @chain.

@purpose describes the purpose (or usage) for which the certificate is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).

The @identity is used to check for pinned certificates (trust exceptions) in the database. These will override the normal verification process on a host by host basis.

Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be used.

If @chain is found to be valid, then the return value will be 0. If @chain is found to be invalid, then the return value will indicate the problems found. If the function is unable to determine whether @chain is valid or not (eg, because @cancellable is triggered before it completes) then the return value will be %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set accordingly. @error is not set when @chain is successfully analyzed but found to be invalid.

This function can block, use g_tls_database_verify_chain_async() to perform the verification operation asynchronously.

Parameters

chain TlsCertificate

a #GTlsCertificate chain

purpose string

the purpose that this certificate chain will be used for.

identity SocketConnectableIF

the expected peer identity

interaction TlsInteraction

used to interact with the user if necessary

flags GTlsDatabaseVerifyFlags

additional verify flags

cancellable Cancellable

a #GCancellable, or %NULL

Return Value

the appropriate #GTlsCertificateFlags which represents the result of verification.

Throws

GException on failure.

Meta

Since

2.30