TlsDatabase.verifyChain

Verify's a certificate chain after looking up and adding any missing certificates to the chain.

@chain is a chain of #GTlsCertificate objects each pointing to the next certificate in the chain by its %issuer property. The chain may initially consist of one or more certificates. After the verification process is complete, @chain may be modified by adding missing certificates, or removing extra certificates. If a certificate anchor was found, then it is added to the @chain.

@purpose describes the purpose (or usage) for which the certificate is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).

The @identity is used to check for pinned certificates (trust exceptions) in the database. These will override the normal verification process on a host by host basis.

Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be used.

This function can block, use g_tls_database_verify_chain_async() to perform the verification operation asynchronously.

Parameters

chain TlsCertificate

a #GTlsCertificate chain

purpose string

the purpose that this certificate chain will be used for.

identity SocketConnectableIF

the expected peer identity

interaction TlsInteraction

used to interact with the user if necessary

flags GTlsDatabaseVerifyFlags

additional verify flags

cancellable Cancellable

a #GCancellable, or %NULL

Return: the appropriate #GTlsCertificateFlags which represents the result of verification.

Throws

GException on failure.

Meta

Since

2.30