diff options
Diffstat (limited to 'lib/cert-session.c')
-rw-r--r-- | lib/cert-session.c | 18 |
1 files changed, 15 insertions, 3 deletions
diff --git a/lib/cert-session.c b/lib/cert-session.c index 2726512f5d..9a25eb57a4 100644 --- a/lib/cert-session.c +++ b/lib/cert-session.c @@ -599,6 +599,10 @@ _gnutls_x509_cert_verify_peers(gnutls_session_t session, * default upper limits regarding the certificate key size and chain * size are set. To override them use gnutls_certificate_set_verify_limits(). * + * Note that when using raw public-keys verification will not work because there is + * no corresponding certificate body belonging to the raw key that can be verified. In that + * case this function will return %GNUTLS_E_INVALID_REQUEST. + * * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. * A successful error code means that the @status parameter must be checked to obtain the validation status. **/ @@ -640,6 +644,10 @@ gnutls_certificate_verify_peers2(gnutls_session_t session, * default upper limits regarding the certificate key size and chain * size are set. To override them use gnutls_certificate_set_verify_limits(). * + * Note that when using raw public-keys verification will not work because there is + * no corresponding certificate body belonging to the raw key that can be verified. In that + * case this function will return %GNUTLS_E_INVALID_REQUEST. + * * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. * A successful error code means that the @status parameter must be checked to obtain the validation status. * @@ -695,6 +703,10 @@ gnutls_typed_vdata_st data; * default upper limits regarding the certificate key size and chain * size are set. To override them use gnutls_certificate_set_verify_limits(). * + * Note that when using raw public-keys verification will not work because there is + * no corresponding certificate body belonging to the raw key that can be verified. In that + * case this function will return %GNUTLS_E_INVALID_REQUEST. + * * Returns: %GNUTLS_E_SUCCESS (0) when the validation is performed, or a negative error code otherwise. * A successful error code means that the @status parameter must be checked to obtain the validation status. * @@ -719,7 +731,7 @@ gnutls_certificate_verify_peers(gnutls_session_t session, return GNUTLS_E_NO_CERTIFICATE_FOUND; - switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) { + switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { case GNUTLS_CRT_X509: return _gnutls_x509_cert_verify_peers(session, data, elements, status); @@ -820,7 +832,7 @@ time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) return (time_t) - 1; } - switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) { + switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { case GNUTLS_CRT_X509: return _gnutls_x509_get_raw_crt_expiration_time(&info-> @@ -856,7 +868,7 @@ time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) return (time_t) - 1; } - switch (gnutls_certificate_type_get2(session, GNUTLS_CTYPE_PEERS)) { + switch (get_certificate_type(session, GNUTLS_CTYPE_PEERS)) { case GNUTLS_CRT_X509: return _gnutls_x509_get_raw_crt_activation_time(&info-> |