verify_chain


Description:

public virtual TlsCertificateFlags verify_chain (TlsCertificate chain, string purpose, SocketConnectable? identity, TlsInteraction? interaction, TlsDatabaseVerifyFlags flags, Cancellable? cancellable = null) throws Error

Determines the validity of a certificate chain after looking up and adding any missing certificates to the chain.

chain is a chain of TlsCertificate objects each pointing to the next certificate in the chain by its issuer property. The chain may initially consist of one or more certificates. After the verification process is complete, chain may be modified by adding missing certificates, or removing extra certificates. If a certificate anchor was found, then it is added to the chain.

purpose describes the purpose (or usage) for which the certificate is being used. Typically purpose will be set to TLS_DATABASE_PURPOSE_AUTHENTICATE_SERVER which means that the certificate is being used to authenticate a server (and we are acting as the client).

The identity is used to check for pinned certificates (trust exceptions) in the database. These will override the normal verification process on a host by host basis.

Currently there are no flags, and g_tls_database_verify_none should be used.

If chain is found to be valid, then the return value will be 0. If chain is found to be invalid, then the return value will indicate the problems found. If the function is unable to determine whether chain is valid or not (eg, because cancellable is triggered before it completes) then the return value will be g_tls_certificate_generic_error and throws will be set accordingly. throws is not set when chain is successfully analyzed but found to be invalid.

This function can block, use verify_chain_async to perform the verification operation asynchronously.

Parameters:

this

a TlsDatabase

chain

a TlsCertificate chain

purpose

the purpose that this certificate chain will be used for.

identity

the expected peer identity

interaction

used to interact with the user if necessary

flags

additional verify flags

cancellable

a Cancellable, or null

Returns:

the appropriate TlsCertificateFlags which represents the result of verification.