NAME

catboks_checkcert - Keon 4.x certificate verification

SYNOPSIS

#include <cat/boks.h>

int catboks_checkcert(cat_session *sess, int keyusage);

DESCRIPTION

This function calls Keon Security Server 4.x to verify the peer's certificate against the Keon Security Server 4.x CA database and CRL. Normal certificate verifications, like validity checking, are also performed.

Only the first certificate in the session certificate chain (the peer's certificate) will be verified. This certificate must be available in sess.

The keyusage argument is a bit mask indicating the intended usage for which the peer certificate must have been issued. If the peer certificate does not carry the requested key usage, it is rejected. The peer certificate may carry more key usage than keyusage, but not less.

keyusage can be one of the following:

CAT_DIGITALSIGNATURE_KEYUSAGE
The peer's public key is allowed to be used with digital signatures.

CAT_KEYAGREEMENT_KEYUSAGE
The peer's public key is allowed to be used in key agreement.

CAT_KEYENCIPHERMENT_KEYUSAGE
The peer's public key is allowed to be used in key transport.

CAT_KEYCERTSIGN_KEYUSAGE
The peer's public key is allowed to be used for the verification of signatures (only present in CA certificates).

CAT_IGNORE_KEYUSAGE
Ignore the key usage of the peer, present or not.

RETURN VALUES

The function returns 0 if the peer certificate was successfully verified, or a negative code otherwise.
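EXAMPLE

The following is an added illustration of the key usage rule and return convention described above; it is not code from the CAT library or from Keon, and it does not call catboks_checkcert. The numeric values of the CAT_*_KEYUSAGE constants are not given on this page, so the example uses hypothetical EX_* placeholders, a hypothetical peer-certificate struct, and hypothetical negative error codes. The check it implements is the one the text states: every usage bit requested in keyusage must be present in the peer certificate, extra bits are allowed, and the ignore sentinel skips the comparison entirely.

```c
#include <stdio.h>

/* Hypothetical bit values standing in for the CAT_*_KEYUSAGE constants
 * from <cat/boks.h>; the real values are not documented on this page. */
#define EX_DIGITALSIGNATURE_KEYUSAGE  0x01
#define EX_KEYAGREEMENT_KEYUSAGE      0x02
#define EX_KEYENCIPHERMENT_KEYUSAGE   0x04
#define EX_KEYCERTSIGN_KEYUSAGE       0x08
#define EX_IGNORE_KEYUSAGE            0x80   /* sentinel, not a real usage bit */

/* Hypothetical error codes; the page only says "a negative code". */
#define EX_OK              0
#define EX_ERR_NO_CERT    -1
#define EX_ERR_KEYUSAGE   -2

/* Returns 1 if every bit demanded in `required` is also set in `present`:
 * the peer may carry more key usage than requested, but never less.
 * The ignore sentinel short-circuits the comparison. */
int keyusage_satisfied(int required, int present)
{
    if (required & EX_IGNORE_KEYUSAGE)
        return 1;
    return (required & ~present) == 0;
}

/* Minimal stand-in for the first certificate in the session chain;
 * only the fields the rule needs are modelled. */
typedef struct {
    int has_cert;       /* 0 if no peer certificate is available in the session */
    int keyusage_bits;  /* key usage bits asserted by the certificate */
} ex_peer_cert;

/* Mirrors the documented return convention: 0 on success, negative otherwise. */
int check_peer_keyusage(const ex_peer_cert *peer, int keyusage)
{
    if (!peer->has_cert)
        return EX_ERR_NO_CERT;
    if (!keyusage_satisfied(keyusage, peer->keyusage_bits))
        return EX_ERR_KEYUSAGE;
    return EX_OK;
}

int main(void)
{
    /* Constructed sample: an end-entity certificate that allows
     * digital signature and key encipherment, nothing else. */
    ex_peer_cert peer = { 1, EX_DIGITALSIGNATURE_KEYUSAGE | EX_KEYENCIPHERMENT_KEYUSAGE };

    /* Requested usage is a subset of what the certificate carries: accepted. */
    printf("signature only: %d\n",
           check_peer_keyusage(&peer, EX_DIGITALSIGNATURE_KEYUSAGE));

    /* Key agreement is requested but not carried: rejected. */
    printf("signature + key agreement: %d\n",
           check_peer_keyusage(&peer, EX_DIGITALSIGNATURE_KEYUSAGE |
                                      EX_KEYAGREEMENT_KEYUSAGE));

    /* Ignore sentinel: key usage is not consulted at all. */
    printf("ignore key usage: %d\n",
           check_peer_keyusage(&peer, EX_IGNORE_KEYUSAGE));
    return 0;
}
```

Note that the subset test is written as `required & ~present`, not `required == present`: a certificate issued for several purposes must still satisfy a caller that asks for only one of them, which is the "more but not less" rule the description gives. Whether the real library also treats the ignore value as a bit or as a distinct constant is not stated on this page; the sentinel form here is an assumption.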

SEE ALSO

cat, catboks