Method Tools.X509.verify_certificate_chain()
- Method
verify_certificate_chain
mapping verify_certificate_chain(array(string) cert_chain, mapping authorities, int|void require_trust)
- Description
Decodes a certificate chain and checks the signatures. Verifies that the chain is unbroken and that all certificates are in effect (time-wise).
Returns a mapping with the following contents, depending on the verification of the certificate chain:
"error_code" : int
  Error describing the type of verification failure, if verification failed. May be one of the following: CERT_TOO_NEW, CERT_TOO_OLD, CERT_ROOT_UNTRUSTED, CERT_BAD_SIGNATURE, CERT_INVALID, CERT_UNAUTHORIZED_CA or CERT_CHAIN_BROKEN.
"error_cert" : int
  Index number of the certificate that caused the verification failure.
"self_signed" : bool
  Non-zero if the certificate is self-signed.
"verified" : bool
  Non-zero if the certificate is verified.
"authority" : string
  Standards.ASN1.Sequence of the authority RDN that verified the chain.
"cn" : string
  Standards.ASN1.Sequence of the common name RDN of the leaf certificate.
- Parameter
cert_chain
An array of certificates, with the relative-root last. Each certificate should be a DER-encoded certificate.
- Parameter
authorities
A mapping from (DER-encoded) names to verifiers.
- Parameter
require_trust
Require that the certificate be traced to an authority, even if it is self-signed.
See Standards.PKCS.Certificate.get_dn_string for converting the RDN to an X500 style string.
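An added usage example, not taken from the Pike distribution: a fail-closed wrapper that always passes require_trust and accepts a chain only when "verified" is non-zero. The names check_peer_chain, describe_error and error_text are hypothetical, the authorities mapping is assumed to have been built by the caller as described above, and treating a thrown decode error as a rejection is an assumption about how malformed input behaves.

```pike
// Added example: fail-closed handling of the result mapping.
// check_peer_chain(), describe_error() and error_text are hypothetical names.

// Readable text for the error codes listed in the description above.
mapping(int:string) error_text = ([
  Tools.X509.CERT_TOO_NEW:        "certificate is not yet valid",
  Tools.X509.CERT_TOO_OLD:        "certificate has expired",
  Tools.X509.CERT_ROOT_UNTRUSTED: "root is not among the authorities",
  Tools.X509.CERT_BAD_SIGNATURE:  "signature check failed",
  Tools.X509.CERT_INVALID:        "certificate is invalid",
  Tools.X509.CERT_UNAUTHORIZED_CA: "issuer is not allowed to act as a CA",
  Tools.X509.CERT_CHAIN_BROKEN:   "chain is broken",
]);

string describe_error(int code)
{
  return error_text[code] || sprintf("unknown error code %d", code);
}

// der_chain: DER-encoded certificates, relative root last.
// authorities: mapping from DER-encoded names to verifiers (built by caller).
// Returns 1 only if the chain verified against one of the authorities.
int(0..1) check_peer_chain(array(string) der_chain, mapping authorities)
{
  // An empty chain or an empty trust store can never be accepted.
  if (!sizeof(der_chain) || !sizeof(authorities)) {
    werror("chain rejected: empty chain or no authorities configured\n");
    return 0;
  }

  mapping res;
  // Assumption: malformed DER may throw; treat that as a rejection.
  mixed err = catch {
    // require_trust = 1: a self-signed certificate must still trace
    // to an entry in authorities.
    res = Tools.X509.verify_certificate_chain(der_chain, authorities, 1);
  };
  if (err || !res) {
    werror("chain rejected: certificates could not be decoded\n");
    return 0;
  }

  // Decide on "verified" itself, not on the absence of "error_code".
  if (!res->verified) {
    werror("chain rejected: %s (certificate index %d)\n",
           describe_error(res->error_code), res->error_cert);
    return 0;
  }
  return 1;
}
```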