** API and ABI modifications:
gnutls_session_get_id2: Added
+gnutls_certificate_update_verify_flags: Added
GNUTLS_CERT_REVOCATION_DATA_TOO_OLD: Added.
GNUTLS_CERT_REVOCATION_DATA_INVALID: Added.
If you are using @funcref{gnutls_certificate_verify_peers2} to verify the
certificate chain, you can call
+@funcref{gnutls_certificate_update_verify_flags} or
@funcref{gnutls_certificate_set_verify_flags} with the flags:
@itemize
@item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2}
as in the following example:
@example
- gnutls_certificate_set_verify_flags (x509cred,
+ gnutls_certificate_update_verify_flags (x509cred,
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5);
@end example
-This will tell the verifier algorithm to enable @code{RSA-MD5} when
+This will signal the verifier algorithm to enable @code{RSA-MD5} when
verifying the certificates.
If you are using @funcref{gnutls_x509_crt_verify} or
* @res: is a gnutls_certificate_credentials_t structure
* @flags: are the flags
*
- * This function will set the flags to be used at verification of the
- * certificates. Flags must be OR of the
- * #gnutls_certificate_verify_flags enumerations. The default
- * for TLS sessions is GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN.
+ * This function will set the flags to be used for verification
+ * of certificates and override any defaults. The provided flags must be an OR of the
+ * #gnutls_certificate_verify_flags enumerations.
*
**/
void
res->verify_flags = flags;
}
+/**
+ * gnutls_certificate_update_verify_flags:
+ * @res: is a gnutls_certificate_credentials_t structure
+ * @flags: are the new flags
+ *
+ * This function will update the default flags to be used for verification
+ * of certificates. The provided flags must be an OR of the
+ * #gnutls_certificate_verify_flags enumerations. The default
+ * for TLS sessions is GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN.
+ *
+ **/
+void
+gnutls_certificate_update_verify_flags (gnutls_certificate_credentials_t
+ res, unsigned int flags)
+{
+ res->verify_flags |= flags;
+}
+
/**
* gnutls_certificate_set_verify_limits:
* @res: is a gnutls_certificate_credentials structure
gnutls_dh_params_t dh_params);
void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t
res, unsigned int flags);
+ void gnutls_certificate_update_verify_flags (gnutls_certificate_credentials_t
+ res, unsigned int flags);
void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t
res, unsigned int max_bits,
unsigned int max_depth);
gnutls_pubkey_import_x509_raw;
gnutls_certificate_get_peers_subkey_id;
gnutls_session_get_id2;
+ gnutls_certificate_update_verify_flags;
} GNUTLS_3_0_0;
GNUTLS_PRIVATE {