catboks_checkcert - Keon 4.x certificate verification
#include <cat/boks.h>
int catboks_checkcert(cat_session *sess, int keyusage);
This function calls Keon Security Server 4.x to verify the peer's
certificate against the Keon Security Server 4.x CA database and CRL.
Normal certificate verification, such as validity-period checking, is
also performed.
Only the first certificate in the session certificate chain (the peer's
certificate) is verified; the rest of the chain is not checked locally,
so trust in the issuer rests on the Keon Security Server's CA database.
The peer certificate must be available in sess.
The keyusage argument is a bit mask giving the intended usage for which
the peer certificate must have been issued. If the peer certificate does
not carry the requested key usage, the certificate is rejected. The peer
certificate may carry more key usage than keyusage, but not less.
keyusage can be one of the following (the values are bit-mask flags):

CAT_DIGITALSIGNATURE_KEYUSAGE
    The peer's public key may be used for digital signatures.

CAT_KEYAGREEMENT_KEYUSAGE
    The peer's public key may be used for key agreement.

CAT_KEYENCIPHERMENT_KEYUSAGE
    The peer's public key may be used for key transport (key encipherment).

CAT_KEYCERTSIGN_KEYUSAGE
    The peer's public key may be used to verify signatures on certificates
    (only present in CA certificates).

CAT_IGNORE_KEYUSAGE
    Ignore the key usage of the peer, whether the extension is present or not.
The function returns 0 if the peer certificate was successfully verified,
or a negative code otherwise.
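The following is an added, self-contained C example, not code from the Keon/CAT library. It decodes an X.509 KeyUsage extension value (RFC 5280 BIT STRING encoding) into the CAT_*_KEYUSAGE flags named above and then applies the rule this page documents for catboks_checkcert: the peer may carry more key usage than keyusage, never less, and CAT_IGNORE_KEYUSAGE skips the check even when the extension is absent. The numeric flag values, the function names and the sample DER bytes are assumptions made for this example; the library's real constants live in <cat/boks.h> and the real check is done by catboks_checkcert against the Keon server.

```c
/* Added example: KeyUsage decoding plus the "no less than requested" rule.
 * The CAT_* names are from the catboks_checkcert(3) page; the bit values
 * below are ASSUMED for this example and are not the library's. */
#include <stdio.h>
#include <stddef.h>

#define CAT_DIGITALSIGNATURE_KEYUSAGE 0x01u   /* assumed value */
#define CAT_KEYAGREEMENT_KEYUSAGE     0x02u   /* assumed value */
#define CAT_KEYENCIPHERMENT_KEYUSAGE  0x04u   /* assumed value */
#define CAT_KEYCERTSIGN_KEYUSAGE      0x08u   /* assumed value */
#define CAT_IGNORE_KEYUSAGE           0x80u   /* assumed value */

/* RFC 5280 KeyUsage bit positions; bit 0 is the MSB of the first payload
 * octet of the BIT STRING. */
enum { KU_BIT_DIGITALSIGNATURE = 0, KU_BIT_KEYENCIPHERMENT = 2,
       KU_BIT_KEYAGREEMENT = 4, KU_BIT_KEYCERTSIGN = 5 };

/* Constructed sample extension values (DER: tag 03, length, unused-bits
 * octet, payload). Not taken from any real certificate. */
const unsigned char SAMPLE_EE_KU[] = { 0x03, 0x02, 0x05, 0xA0 }; /* digSig+keyEnc */
const size_t SAMPLE_EE_KU_LEN = sizeof SAMPLE_EE_KU;
const unsigned char SAMPLE_CA_KU[] = { 0x03, 0x02, 0x01, 0x86 }; /* digSig+certSign+crlSign */
const size_t SAMPLE_CA_KU_LEN = sizeof SAMPLE_CA_KU;
const unsigned char SAMPLE_KA_KU[] = { 0x03, 0x02, 0x03, 0x08 }; /* keyAgreement */
const size_t SAMPLE_KA_KU_LEN = sizeof SAMPLE_KA_KU;
const unsigned char SAMPLE_BAD_KU[] = { 0x03, 0x02, 0x08, 0xA0 }; /* unused bits > 7 */
const size_t SAMPLE_BAD_KU_LEN = sizeof SAMPLE_BAD_KU;

/* 1 if bit `pos` is set within the first `nbits` significant bits. */
static int ku_bit_set(const unsigned char *bits, size_t nbits, int pos)
{
    if ((size_t)pos >= nbits)
        return 0;
    return (bits[pos / 8] >> (7 - (pos % 8))) & 1;
}

/* Decode a DER KeyUsage BIT STRING into a CAT_* mask.
 * Returns 0 on success, -1 if the encoding is malformed. */
int keyusage_from_der(const unsigned char *der, size_t len, unsigned *mask)
{
    size_t payload_len, nbits;
    unsigned m = 0;

    /* tag must be BIT STRING, short-form length that matches, unused bits 0..7 */
    if (len < 3 || der[0] != 0x03 || (der[1] & 0x80) != 0)
        return -1;
    if ((size_t)der[1] + 2 != len || der[1] < 1 || der[2] > 7)
        return -1;
    payload_len = len - 3;
    if (payload_len == 0 && der[2] != 0)   /* empty string must have 0 unused bits */
        return -1;
    nbits = payload_len * 8 - der[2];      /* ignore the trailing unused bits */

    if (ku_bit_set(der + 3, nbits, KU_BIT_DIGITALSIGNATURE)) m |= CAT_DIGITALSIGNATURE_KEYUSAGE;
    if (ku_bit_set(der + 3, nbits, KU_BIT_KEYENCIPHERMENT))  m |= CAT_KEYENCIPHERMENT_KEYUSAGE;
    if (ku_bit_set(der + 3, nbits, KU_BIT_KEYAGREEMENT))     m |= CAT_KEYAGREEMENT_KEYUSAGE;
    if (ku_bit_set(der + 3, nbits, KU_BIT_KEYCERTSIGN))      m |= CAT_KEYCERTSIGN_KEYUSAGE;
    *mask = m;
    return 0;
}

/* The rule documented for catboks_checkcert(): every usage in `required`
 * must be present in the peer's mask; extra usages are fine. With
 * CAT_IGNORE_KEYUSAGE the extension is not consulted, so a missing
 * extension (has_ext == 0) only causes rejection when something is required. */
int keyusage_acceptable(int has_ext, unsigned peer, unsigned required)
{
    if (required & CAT_IGNORE_KEYUSAGE)
        return 1;
    if (!has_ext)
        return 0;
    return (peer & required) == required;
}

/* Convenience: decode, then check. 1 = accept, 0 = reject, -1 = malformed. */
int check_peer_keyusage(const unsigned char *der, size_t len, unsigned required)
{
    unsigned peer;
    if (required & CAT_IGNORE_KEYUSAGE)
        return 1;
    if (keyusage_from_der(der, len, &peer) != 0)
        return -1;
    return keyusage_acceptable(1, peer, required);
}

int main(void)
{
    printf("EE cert for signing:      %d\n",
           check_peer_keyusage(SAMPLE_EE_KU, SAMPLE_EE_KU_LEN, CAT_DIGITALSIGNATURE_KEYUSAGE));
    printf("EE cert as CA:            %d\n",
           check_peer_keyusage(SAMPLE_EE_KU, SAMPLE_EE_KU_LEN, CAT_KEYCERTSIGN_KEYUSAGE));
    printf("CA cert as CA:            %d\n",
           check_peer_keyusage(SAMPLE_CA_KU, SAMPLE_CA_KU_LEN, CAT_KEYCERTSIGN_KEYUSAGE));
    printf("Malformed, usage ignored: %d\n",
           check_peer_keyusage(SAMPLE_BAD_KU, SAMPLE_BAD_KU_LEN, CAT_IGNORE_KEYUSAGE));
    return 0;
}
```

In a real Keon client the decoding and comparison above happen inside catboks_checkcert; the point of the example is the acceptance rule, in particular that a certificate issued only for key agreement is rejected when CAT_DIGITALSIGNATURE_KEYUSAGE is requested, while a CA certificate that also carries digitalSignature is accepted for it.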
cat, catboks