Diffstat (limited to 'manual/html_node/DANE-API.html')
-rw-r--r-- manual/html_node/DANE-API.html 540
1 files changed, 0 insertions, 540 deletions
diff --git a/manual/html_node/DANE-API.html b/manual/html_node/DANE-API.html
deleted file mode 100644
index d2a0f97e5d..0000000000
--- a/manual/html_node/DANE-API.html
+++ /dev/null
@@ -1,540 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<!-- This manual is last updated 4 March 2015 for version
-3.5.4 of GnuTLS.
-
-Copyright (C) 2001-2015 Free Software Foundation, Inc.\\
-Copyright (C) 2001-2015 Nikos Mavrogiannopoulos
-
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the GNU Free Documentation License, Version 1.3 or
-any later version published by the Free Software Foundation; with no
-Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A
-copy of the license is included in the section entitled "GNU Free
-Documentation License". -->
-<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
-<head>
-<title>GnuTLS 3.5.4: DANE API</title>
-
-<meta name="description" content="GnuTLS 3.5.4: DANE API">
-<meta name="keywords" content="GnuTLS 3.5.4: DANE API">
-<meta name="resource-type" content="document">
-<meta name="distribution" content="global">
-<meta name="Generator" content="makeinfo">
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
-<link href="index.html#Top" rel="start" title="Top">
-<link href="Function-and-Data-Index.html#Function-and-Data-Index" rel="index" title="Function and Data Index">
-<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
-<link href="API-reference.html#API-reference" rel="up" title="API reference">
-<link href="Cryptographic-API.html#Cryptographic-API" rel="next" title="Cryptographic API">
-<link href="Socket-specific-API.html#Socket-specific-API" rel="prev" title="Socket specific API">
-<style type="text/css">
-<!--
-a.summary-letter {text-decoration: none}
-blockquote.indentedblock {margin-right: 0em}
-blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
-blockquote.smallquotation {font-size: smaller}
-div.display {margin-left: 3.2em}
-div.example {margin-left: 3.2em}
-div.lisp {margin-left: 3.2em}
-div.smalldisplay {margin-left: 3.2em}
-div.smallexample {margin-left: 3.2em}
-div.smalllisp {margin-left: 3.2em}
-kbd {font-style: oblique}
-pre.display {font-family: inherit}
-pre.format {font-family: inherit}
-pre.menu-comment {font-family: serif}
-pre.menu-preformatted {font-family: serif}
-pre.smalldisplay {font-family: inherit; font-size: smaller}
-pre.smallexample {font-size: smaller}
-pre.smallformat {font-family: inherit; font-size: smaller}
-pre.smalllisp {font-size: smaller}
-span.nolinebreak {white-space: nowrap}
-span.roman {font-family: initial; font-weight: normal}
-span.sansserif {font-family: sans-serif; font-weight: normal}
-ul.no-bullet {list-style: none}
-body {
- margin: 2%;
- padding: 0 5%;
- background: #ffffff;
-}
-h1,h2,h3,h4,h5 {
- font-weight: bold;
- padding: 5px 5px 5px 5px;
- background-color: #c2e0ff;
- color: #336699;
-}
-h1 {
- padding: 2em 2em 2em 5%;
- color: white;
- background: #336699;
- text-align: center;
- letter-spacing: 3px;
-}
-h2 { text-decoration: underline; }
-pre {
- margin: 0 5%;
- padding: 0.5em;
-}
-pre.example,pre.verbatim {
- padding-bottom: 1em;
-
- border: solid #c2e0ff;
- background: #f0faff;
- border-width: 1px 1px 1px 5px;
- margin: 1em auto;
- width: 90%;
-}
-
-div.node {
- margin: 0 -5% 0 -2%;
- padding: 0.5em 0.5em;
- margin-top: 0.5em;
- margin-bottom: 0.5em;
- font-weight: bold;
-}
-dd, li {
- padding-top: 0.1em;
- padding-bottom: 0.1em;
-}
-div.float {
-
- margin-bottom: 0.5em;
- text-align: center;
-}
-
-table {
- text-align: left;
- margin-left:auto;
- margin-right:auto;
- border-spacing: 7px;
- width: 50%;
-}
-
-th {
- padding: 0;
- color: #336699;
- background-color: #c2e0ff;
- border: solid #000000;
- border-width: 0px;
- margin: 1em auto;
- text-align: center;
- margin-left:auto;
- margin-right:auto;
-}
-
-td {
- padding: 0;
- border: solid #000000;
- background-color: #f0faff;
- border-width: 0px;
- margin: 1em auto;
- text-align: left;
- margin-left:auto;
- margin-right:auto;
- padding-left: 1em;
-}
-
-dl {
- text-align: left;
- margin-left:auto;
- margin-right:auto;
- width: 50%;
-
- padding-left: 1em;
- border: solid #c2e0ff;
- background: #f0faff;
- border-width: 5px 1px 1px 1px;
- margin: 1em auto;
-}
-
--->
-</style>
-
-
-</head>
-
-<body lang="en">
-<a name="DANE-API"></a>
-<div class="header">
-<p>
-Next: <a href="Cryptographic-API.html#Cryptographic-API" accesskey="n" rel="next">Cryptographic API</a>, Previous: <a href="Socket-specific-API.html#Socket-specific-API" accesskey="p" rel="prev">Socket specific API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
-</div>
-<hr>
-<a name="DANE-API-1"></a>
-<h3 class="section">E.12 DANE API</h3>
-
-<p>The following functions are to be used for DANE certificate verification.
-Their prototypes lie in <samp>gnutls/dane.h</samp>. Note that you need to link
-with the <code>libgnutls-dane</code> library to use them.
-</p>
-
-<a name="dane_005fcert_005ftype_005fname-1"></a>
-<h4 class="subheading">dane_cert_type_name</h4>
-<a name="dane_005fcert_005ftype_005fname"></a><dl>
-<dt><a name="index-dane_005fcert_005ftype_005fname"></a>Function: <em>const char *</em> <strong>dane_cert_type_name</strong> <em>(dane_cert_type_t <var>type</var>)</em></dt>
-<dd><p><var>type</var>: is a DANE match type
-</p>
-<p>Convert a <code>dane_cert_type_t</code> value to a string.
-</p>
-<p><strong>Returns:</strong> a string that contains the name of the specified
-type, or <code>NULL</code> .
-</p></dd></dl>
-
-<a name="dane_005fcert_005fusage_005fname-1"></a>
-<h4 class="subheading">dane_cert_usage_name</h4>
-<a name="dane_005fcert_005fusage_005fname"></a><dl>
-<dt><a name="index-dane_005fcert_005fusage_005fname"></a>Function: <em>const char *</em> <strong>dane_cert_usage_name</strong> <em>(dane_cert_usage_t <var>usage</var>)</em></dt>
-<dd><p><var>usage</var>: &ndash; undescribed &ndash;
-</p>
-<p>Convert a <code>dane_cert_usage_t</code> value to a string.
-</p>
-<p><strong>Returns:</strong> a string that contains the name of the specified
-type, or <code>NULL</code> .
-</p></dd></dl>
-
-<a name="dane_005fmatch_005ftype_005fname-1"></a>
-<h4 class="subheading">dane_match_type_name</h4>
-<a name="dane_005fmatch_005ftype_005fname"></a><dl>
-<dt><a name="index-dane_005fmatch_005ftype_005fname"></a>Function: <em>const char *</em> <strong>dane_match_type_name</strong> <em>(dane_match_type_t <var>type</var>)</em></dt>
-<dd><p><var>type</var>: is a DANE match type
-</p>
-<p>Convert a <code>dane_match_type_t</code> value to a string.
-</p>
-<p><strong>Returns:</strong> a string that contains the name of the specified
-type, or <code>NULL</code> .
-</p></dd></dl>
-
-<a name="dane_005fquery_005fdata-1"></a>
-<h4 class="subheading">dane_query_data</h4>
-<a name="dane_005fquery_005fdata"></a><dl>
-<dt><a name="index-dane_005fquery_005fdata"></a>Function: <em>int</em> <strong>dane_query_data</strong> <em>(dane_query_t <var>q</var>, unsigned int <var>idx</var>, unsigned int * <var>usage</var>, unsigned int * <var>type</var>, unsigned int * <var>match</var>, gnutls_datum_t * <var>data</var>)</em></dt>
-<dd><p><var>q</var>: The query result structure
-</p>
-<p><var>idx</var>: The index of the query response.
-</p>
-<p><var>usage</var>: The certificate usage (see <code>dane_cert_usage_t</code> )
-</p>
-<p><var>type</var>: The certificate type (see <code>dane_cert_type_t</code> )
-</p>
-<p><var>match</var>: The DANE matching type (see <code>dane_match_type_t</code> )
-</p>
-<p><var>data</var>: The DANE data.
-</p>
-<p>This function will provide the DANE data from the query
-response.
-</p>
-<p><strong>Returns:</strong> On success, <code>DANE_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fquery_005fdeinit-1"></a>
-<h4 class="subheading">dane_query_deinit</h4>
-<a name="dane_005fquery_005fdeinit"></a><dl>
-<dt><a name="index-dane_005fquery_005fdeinit"></a>Function: <em>void</em> <strong>dane_query_deinit</strong> <em>(dane_query_t <var>q</var>)</em></dt>
-<dd><p><var>q</var>: The structure to be deinitialized
-</p>
-<p>This function will deinitialize a DANE query result structure.
-</p></dd></dl>
-
-<a name="dane_005fquery_005fentries-1"></a>
-<h4 class="subheading">dane_query_entries</h4>
-<a name="dane_005fquery_005fentries"></a><dl>
-<dt><a name="index-dane_005fquery_005fentries"></a>Function: <em>unsigned int</em> <strong>dane_query_entries</strong> <em>(dane_query_t <var>q</var>)</em></dt>
-<dd><p><var>q</var>: The query result structure
-</p>
-<p>This function will return the number of entries in a query.
-</p>
-<p><strong>Returns:</strong> The number of entries.
-</p></dd></dl>
-
-<a name="dane_005fquery_005fstatus-1"></a>
-<h4 class="subheading">dane_query_status</h4>
-<a name="dane_005fquery_005fstatus"></a><dl>
-<dt><a name="index-dane_005fquery_005fstatus"></a>Function: <em>dane_query_status_t</em> <strong>dane_query_status</strong> <em>(dane_query_t <var>q</var>)</em></dt>
-<dd><p><var>q</var>: The query result structure
-</p>
-<p>This function will return the status of the query response.
-See <code>dane_query_status_t</code> for the possible types.
-</p>
-<p><strong>Returns:</strong> The status type.
-</p></dd></dl>
-
-<a name="dane_005fquery_005ftlsa-1"></a>
-<h4 class="subheading">dane_query_tlsa</h4>
-<a name="dane_005fquery_005ftlsa"></a><dl>
-<dt><a name="index-dane_005fquery_005ftlsa"></a>Function: <em>int</em> <strong>dane_query_tlsa</strong> <em>(dane_state_t <var>s</var>, dane_query_t * <var>r</var>, const char * <var>host</var>, const char * <var>proto</var>, unsigned int <var>port</var>)</em></dt>
-<dd><p><var>s</var>: The DANE state structure
-</p>
-<p><var>r</var>: A structure to place the result
-</p>
-<p><var>host</var>: The host name to resolve.
-</p>
-<p><var>proto</var>: The protocol type (tcp, udp, etc.)
-</p>
-<p><var>port</var>: The service port number (eg. 443).
-</p>
-<p>This function will query the DNS server for the TLSA (DANE)
-data for the given host.
-</p>
-<p><strong>Returns:</strong> On success, <code>DANE_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fquery_005fto_005fraw_005ftlsa-1"></a>
-<h4 class="subheading">dane_query_to_raw_tlsa</h4>
-<a name="dane_005fquery_005fto_005fraw_005ftlsa"></a><dl>
-<dt><a name="index-dane_005fquery_005fto_005fraw_005ftlsa"></a>Function: <em>int</em> <strong>dane_query_to_raw_tlsa</strong> <em>(dane_query_t <var>q</var>, unsigned int * <var>data_entries</var>, char *** <var>dane_data</var>, int ** <var>dane_data_len</var>, int * <var>secure</var>, int * <var>bogus</var>)</em></dt>
-<dd><p><var>q</var>: The query result structure
-</p>
-<p><var>data_entries</var>: Pointer set to the number of entries in the query
-</p>
-<p><var>dane_data</var>: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer;
-caller must guarantee that the referenced data remains
-valid until <code>dane_query_deinit()</code> is called.
-</p>
-<p><var>dane_data_len</var>: Pointer to contain the length n bytes of the dane_data items
-</p>
-<p><var>secure</var>: Pointer set true if the result is validated securely, false if
-validation failed or the domain queried has no security info
-</p>
-<p><var>bogus</var>: Pointer set true if the result was not secure due to a security failure
-</p>
-<p>This function will provide the DANE data from the query
-response.
-</p>
-<p>The pointers dane_data and dane_data_len are allocated with <code>gnutls_malloc()</code>
-to contain the data from the query result structure (individual
- <code>dane_data</code> items simply point to the original data and are not allocated separately).
-The returned <code>dane_data</code> are only valid during the lifetime of <code>q</code> .
-</p>
-<p><strong>Returns:</strong> On success, <code>DANE_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fraw_005ftlsa-1"></a>
-<h4 class="subheading">dane_raw_tlsa</h4>
-<a name="dane_005fraw_005ftlsa"></a><dl>
-<dt><a name="index-dane_005fraw_005ftlsa"></a>Function: <em>int</em> <strong>dane_raw_tlsa</strong> <em>(dane_state_t <var>s</var>, dane_query_t * <var>r</var>, char *const * <var>dane_data</var>, const int * <var>dane_data_len</var>, int <var>secure</var>, int <var>bogus</var>)</em></dt>
-<dd><p><var>s</var>: The DANE state structure
-</p>
-<p><var>r</var>: A structure to place the result
-</p>
-<p><var>dane_data</var>: array of DNS rdata items, terminated with a NULL pointer;
-caller must guarantee that the referenced data remains
-valid until <code>dane_query_deinit()</code> is called.
-</p>
-<p><var>dane_data_len</var>: the length n bytes of the dane_data items
-</p>
-<p><var>secure</var>: true if the result is validated securely, false if
-validation failed or the domain queried has no security info
-</p>
-<p><var>bogus</var>: if the result was not secure (secure = 0) due to a security failure,
-and the result is due to a security failure, bogus is true.
-</p>
-<p>This function will fill in the TLSA (DANE) structure from
-the given raw DNS record data. The <code>dane_data</code> must be valid
-during the lifetime of the query.
-</p>
-<p><strong>Returns:</strong> On success, <code>DANE_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fstate_005fdeinit-1"></a>
-<h4 class="subheading">dane_state_deinit</h4>
-<a name="dane_005fstate_005fdeinit"></a><dl>
-<dt><a name="index-dane_005fstate_005fdeinit"></a>Function: <em>void</em> <strong>dane_state_deinit</strong> <em>(dane_state_t <var>s</var>)</em></dt>
-<dd><p><var>s</var>: The structure to be deinitialized
-</p>
-<p>This function will deinitialize a DANE query structure.
-</p></dd></dl>
-
-<a name="dane_005fstate_005finit-1"></a>
-<h4 class="subheading">dane_state_init</h4>
-<a name="dane_005fstate_005finit"></a><dl>
-<dt><a name="index-dane_005fstate_005finit"></a>Function: <em>int</em> <strong>dane_state_init</strong> <em>(dane_state_t * <var>s</var>, unsigned int <var>flags</var>)</em></dt>
-<dd><p><var>s</var>: The structure to be initialized
-</p>
-<p><var>flags</var>: flags from the <code>dane_state_flags</code> enumeration
-</p>
-<p>This function will initialize the backend resolver. It is
-intended to be used in scenarios where multiple resolvings
-occur, to optimize against multiple re-initializations.
-</p>
-<p><strong>Returns:</strong> On success, <code>DANE_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fstate_005fset_005fdlv_005ffile-1"></a>
-<h4 class="subheading">dane_state_set_dlv_file</h4>
-<a name="dane_005fstate_005fset_005fdlv_005ffile"></a><dl>
-<dt><a name="index-dane_005fstate_005fset_005fdlv_005ffile"></a>Function: <em>int</em> <strong>dane_state_set_dlv_file</strong> <em>(dane_state_t <var>s</var>, const char * <var>file</var>)</em></dt>
-<dd><p><var>s</var>: The structure to be deinitialized
-</p>
-<p><var>file</var>: The file holding the DLV keys.
-</p>
-<p>This function will set a file with trusted keys
-for DLV (DNSSEC Lookaside Validation).
-</p></dd></dl>
-
-<a name="dane_005fstrerror-1"></a>
-<h4 class="subheading">dane_strerror</h4>
-<a name="dane_005fstrerror"></a><dl>
-<dt><a name="index-dane_005fstrerror"></a>Function: <em>const char *</em> <strong>dane_strerror</strong> <em>(int <var>error</var>)</em></dt>
-<dd><p><var>error</var>: is a DANE error code, a negative error code
-</p>
-<p>This function is similar to strerror. The difference is that it
-accepts an error number returned by a gnutls function; In case of
-an unknown error a descriptive string is sent instead of <code>NULL</code> .
-</p>
-<p>Error codes are always a negative error code.
-</p>
-<p><strong>Returns:</strong> A string explaining the DANE error message.
-</p></dd></dl>
-
-<a name="dane_005fverification_005fstatus_005fprint-1"></a>
-<h4 class="subheading">dane_verification_status_print</h4>
-<a name="dane_005fverification_005fstatus_005fprint"></a><dl>
-<dt><a name="index-dane_005fverification_005fstatus_005fprint"></a>Function: <em>int</em> <strong>dane_verification_status_print</strong> <em>(unsigned int <var>status</var>, gnutls_datum_t * <var>out</var>, unsigned int <var>flags</var>)</em></dt>
-<dd><p><var>status</var>: The status flags to be printed
-</p>
-<p><var>out</var>: Newly allocated datum with (0) terminated string.
-</p>
-<p><var>flags</var>: should be zero
-</p>
-<p>This function will pretty print the status of a verification
-process &ndash; eg. the one obtained by <code>dane_verify_crt()</code> .
-</p>
-<p>The output <code>out</code> needs to be deallocated using <code>gnutls_free()</code> .
-</p>
-<p><strong>Returns:</strong> On success, <code>GNUTLS_E_SUCCESS</code> (0) is returned, otherwise a
-negative error value.
-</p></dd></dl>
-
-<a name="dane_005fverify_005fcrt-1"></a>
-<h4 class="subheading">dane_verify_crt</h4>
-<a name="dane_005fverify_005fcrt"></a><dl>
-<dt><a name="index-dane_005fverify_005fcrt-1"></a>Function: <em>int</em> <strong>dane_verify_crt</strong> <em>(dane_state_t <var>s</var>, const gnutls_datum_t * <var>chain</var>, unsigned <var>chain_size</var>, gnutls_certificate_type_t <var>chain_type</var>, const char * <var>hostname</var>, const char * <var>proto</var>, unsigned int <var>port</var>, unsigned int <var>sflags</var>, unsigned int <var>vflags</var>, unsigned int * <var>verify</var>)</em></dt>
-<dd><p><var>s</var>: A DANE state structure (may be NULL)
-</p>
-<p><var>chain</var>: A certificate chain
-</p>
-<p><var>chain_size</var>: The size of the chain
-</p>
-<p><var>chain_type</var>: The type of the certificate chain
-</p>
-<p><var>hostname</var>: The hostname associated with the chain
-</p>
-<p><var>proto</var>: The protocol of the service connecting (e.g. tcp)
-</p>
-<p><var>port</var>: The port of the service connecting (e.g. 443)
-</p>
-<p><var>sflags</var>: Flags for the the initialization of <code>s</code> (if NULL)
-</p>
-<p><var>vflags</var>: Verification flags; an OR&rsquo;ed list of <code>dane_verify_flags_t</code> .
-</p>
-<p><var>verify</var>: An OR&rsquo;ed list of <code>dane_verify_status_t</code> .
-</p>
-<p>This function will verify the given certificate chain against the
-CA constrains and/or the certificate available via DANE.
-If no information via DANE can be obtained the flag <code>DANE_VERIFY_NO_DANE_INFO</code>
-is set. If a DNSSEC signature is not available for the DANE
-record then the verify flag <code>DANE_VERIFY_NO_DNSSEC_DATA</code> is set.
-</p>
-<p>Due to the many possible options of DANE, there is no single threat
-model countered. When notifying the user about DANE verification results
-it may be better to mention: DANE verification did not reject the certificate,
-rather than mentioning a successful DANE verication.
-</p>
-<p>Note that this function is designed to be run in addition to
-PKIX - certificate chain - verification. To be run independently
-the <code>DANE_VFLAG_ONLY_CHECK_EE_USAGE</code> flag should be specified;
-then the function will check whether the key of the peer matches the
-key advertized in the DANE entry.
-</p>
-<p><strong>Returns:</strong> a negative error code on error and <code>DANE_E_SUCCESS</code> (0)
-when the DANE entries were successfully parsed, irrespective of
-whether they were verified (see <code>verify</code> for that information). If
-no usable entries were encountered <code>DANE_E_REQUESTED_DATA_NOT_AVAILABLE</code>
-will be returned.
-</p></dd></dl>
-
-<a name="dane_005fverify_005fcrt_005fraw-1"></a>
-<h4 class="subheading">dane_verify_crt_raw</h4>
-<a name="dane_005fverify_005fcrt_005fraw"></a><dl>
-<dt><a name="index-dane_005fverify_005fcrt_005fraw"></a>Function: <em>int</em> <strong>dane_verify_crt_raw</strong> <em>(dane_state_t <var>s</var>, const gnutls_datum_t * <var>chain</var>, unsigned <var>chain_size</var>, gnutls_certificate_type_t <var>chain_type</var>, dane_query_t <var>r</var>, unsigned int <var>sflags</var>, unsigned int <var>vflags</var>, unsigned int * <var>verify</var>)</em></dt>
-<dd><p><var>s</var>: A DANE state structure (may be NULL)
-</p>
-<p><var>chain</var>: A certificate chain
-</p>
-<p><var>chain_size</var>: The size of the chain
-</p>
-<p><var>chain_type</var>: The type of the certificate chain
-</p>
-<p><var>r</var>: DANE data to check against
-</p>
-<p><var>sflags</var>: Flags for the the initialization of <code>s</code> (if NULL)
-</p>
-<p><var>vflags</var>: Verification flags; an OR&rsquo;ed list of <code>dane_verify_flags_t</code> .
-</p>
-<p><var>verify</var>: An OR&rsquo;ed list of <code>dane_verify_status_t</code> .
-</p>
-<p>This is the low-level function of <code>dane_verify_crt()</code> . See the
-high level function for documentation.
-</p>
-<p>This function does not perform any resolving, it utilizes
-cached entries from <code>r</code> .
-</p>
-<p><strong>Returns:</strong> a negative error code on error and <code>DANE_E_SUCCESS</code> (0)
-when the DANE entries were successfully parsed, irrespective of
-whether they were verified (see <code>verify</code> for that information). If
-no usable entries were encountered <code>DANE_E_REQUESTED_DATA_NOT_AVAILABLE</code>
-will be returned.
-</p></dd></dl>
-
-<a name="dane_005fverify_005fsession_005fcrt-1"></a>
-<h4 class="subheading">dane_verify_session_crt</h4>
-<a name="dane_005fverify_005fsession_005fcrt"></a><dl>
-<dt><a name="index-dane_005fverify_005fsession_005fcrt"></a>Function: <em>int</em> <strong>dane_verify_session_crt</strong> <em>(dane_state_t <var>s</var>, gnutls_session_t <var>session</var>, const char * <var>hostname</var>, const char * <var>proto</var>, unsigned int <var>port</var>, unsigned int <var>sflags</var>, unsigned int <var>vflags</var>, unsigned int * <var>verify</var>)</em></dt>
-<dd><p><var>s</var>: A DANE state structure (may be NULL)
-</p>
-<p><var>session</var>: A gnutls session
-</p>
-<p><var>hostname</var>: The hostname associated with the chain
-</p>
-<p><var>proto</var>: The protocol of the service connecting (e.g. tcp)
-</p>
-<p><var>port</var>: The port of the service connecting (e.g. 443)
-</p>
-<p><var>sflags</var>: Flags for the the initialization of <code>s</code> (if NULL)
-</p>
-<p><var>vflags</var>: Verification flags; an OR&rsquo;ed list of <code>dane_verify_flags_t</code> .
-</p>
-<p><var>verify</var>: An OR&rsquo;ed list of <code>dane_verify_status_t</code> .
-</p>
-<p>This function will verify session&rsquo;s certificate chain against the
-CA constrains and/or the certificate available via DANE.
-See <code>dane_verify_crt()</code> for more information.
-</p>
-<p>This will not verify the chain for validity; unless the DANE
-verification is restricted to end certificates, this must be
-be performed separately using <code>gnutls_certificate_verify_peers3()</code> .
-</p>
-<p><strong>Returns:</strong> a negative error code on error and <code>DANE_E_SUCCESS</code> (0)
-when the DANE entries were successfully parsed, irrespective of
-whether they were verified (see <code>verify</code> for that information). If
-no usable entries were encountered <code>DANE_E_REQUESTED_DATA_NOT_AVAILABLE</code>
-will be returned.
-</p></dd></dl>
-
-
-<hr>
-<div class="header">
-<p>
-Next: <a href="Cryptographic-API.html#Cryptographic-API" accesskey="n" rel="next">Cryptographic API</a>, Previous: <a href="Socket-specific-API.html#Socket-specific-API" accesskey="p" rel="prev">Socket specific API</a>, Up: <a href="API-reference.html#API-reference" accesskey="u" rel="up">API reference</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-and-Data-Index.html#Function-and-Data-Index" title="Index" rel="index">Index</a>]</p>
-</div>
-
-
-
-</body>
-</html>
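Review bot: nothing visible in this diff shows that the caveats in the dane_verify_crt and dane_verify_session_crt entries near the end of the hunk survive anywhere once this file is gone. Those entries carry the points callers most often get wrong: DANE_E_SUCCESS only means the DANE entries were parsed and the `verify` status must still be checked, and chain validity has to be verified separately with gnutls_certificate_verify_peers3() unless DANE_VFLAG_ONLY_CHECK_EE_USAGE is used. The head of the file marks it as makeinfo output (Texinfo 6.1), so please say in the commit message that the Texinfo source remains the canonical copy, or point to where the rendered manual is published instead. The diffstat is limited to this one path, so also confirm that the sibling pages referenced in the header and footer navigation (Socket-specific-API.html, Cryptographic-API.html, API-reference.html, Function-and-Data-Index.html) are removed or regenerated in the same commit, otherwise their links to DANE-API.html will dangle. If the source is kept, it is worth fixing there what this rendering shows: "verication", "the the initialization", "be be performed", and the dane_state_set_dlv_file entry, which describes `s` as "The structure to be deinitialized" and documents no return value.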