Pike v8.0 release 1738

Method Standards.X509.verify_certificate()


Method verify_certificate

TBSCertificate verify_certificate(string s, mapping(string:Verifier|array(Verifier)) authorities, mapping(Standards.ASN1.Types.Identifier:Crypto.Hash)|void options)

Description

Decodes a certificate, checks the signature. Returns the TBSCertificate structure, or 0 if decoding or verification fails. The valid time range for the certificate is not checked.

Parameter authorities

A mapping from (DER-encoded) names to a verifiers.

Parameter options
"verifier_algorithms" : mapping(Standards.ASN1.Types.Identifier:Crypto.Hash)

A mapping of verifier algorithm identifier to hash algorith implementation.

Note

This function allows self-signed certificates, and it doesn't check that names or extensions make sense.