a #GTlsCertificate chain
the purpose that this certificate chain will be used for.
the expected peer identity
used to interact with the user if necessary
additional verify flags
a #GCancellable, or %NULL
the appropriate #GTlsCertificateFlags which represents the result of verification.
GException on failure.
2.30
Determines the validity of a certificate chain after looking up and adding any missing certificates to the chain.
@chain is a chain of #GTlsCertificate objects each pointing to the next certificate in the chain by its %issuer property. The chain may initially consist of one or more certificates. After the verification process is complete, @chain may be modified by adding missing certificates, or removing extra certificates. If a certificate anchor was found, then it is added to the @chain.
@purpose describes the purpose (or usage) for which the certificate is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).
The @identity is used to check for pinned certificates (trust exceptions) in the database. These will override the normal verification process on a host by host basis.
Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be used.
If @chain is found to be valid, then the return value will be 0. If @chain is found to be invalid, then the return value will indicate the problems found. If the function is unable to determine whether @chain is valid or not (eg, because @cancellable is triggered before it completes) then the return value will be %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set accordingly. @error is not set when @chain is successfully analyzed but found to be invalid.
This function can block, use g_tls_database_verify_chain_async() to perform the verification operation asynchronously.