a #GTlsCertificate chain
the purpose that this certificate chain will be used for.
the expected peer identity
used to interact with the user if necessary
additional verify flags
a #GCancellable, or %NULL
the appropriate #GTlsCertificateFlags which represents the result of verification.
GException on failure.
2.30
Determines the validity of a certificate chain after looking up and adding any missing certificates to the chain.
@chain is a chain of #GTlsCertificate objects each pointing to the next certificate in the chain by its #GTlsCertificate:issuer property. The chain may initially consist of one or more certificates. After the verification process is complete, @chain may be modified by adding missing certificates, or removing extra certificates. If a certificate anchor was found, then it is added to the @chain.
@purpose describes the purpose (or usage) for which the certificate is being used. Typically @purpose will be set to #G_TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).
The @identity is used to ensure the server certificate is valid for the expected peer identity. If the identity does not match the certificate, %G_TLS_CERTIFICATE_BAD_IDENTITY will be set in the return value. If @identity is %NULL, that bit will never be set in the return value. The peer identity may also be used to check for pinned certificates (trust exceptions) in the database. These may override the normal verification process on a host-by-host basis.
Currently there are no @flags, and %G_TLS_DATABASE_VERIFY_NONE should be used.
If @chain is found to be valid, then the return value will be 0. If @chain is found to be invalid, then the return value will indicate the problems found. If the function is unable to determine whether @chain is valid or not (eg, because @cancellable is triggered before it completes) then the return value will be %G_TLS_CERTIFICATE_GENERIC_ERROR and @error will be set accordingly. @error is not set when @chain is successfully analyzed but found to be invalid.
This function can block, use g_tls_database_verify_chain_async() to perform the verification operation asynchronously.