HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |ARGUMENTS |DESCRIPTION |RETURNS |SINCE |REPORTING BUGS |COPYRIGHT |SEE ALSO |COLOPHON | |
gnutls_x509_c...heck_hostname2(3) gnutlsgnutls_x509_c...heck_hostname2(3)gnutls_x509_crt_check_hostname2 - API function
#include <gnutls/x509.h>unsigned gnutls_x509_crt_check_hostname2(gnutls_x509_crt_tcert,const char *hostname, unsigned intflags);
gnutls_x509_crt_t cert should contain an gnutls_x509_crt_t type const char * hostname A null terminated string that contains a DNS name unsigned int flags gnutls_certificate_verify_flags
This function will check if the given certificate's subject matches the given hostname. This is a basic implementation of the matching described in RFC6125, and takes into account wildcards, and the DNSName/IPAddress subject alternative name PKIX extension. IPv4 addresses are accepted by this function in the dotted-decimal format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative name extension is consulted. Previous versions to 3.6.0 of GnuTLS in case of a non-match would consult (in a non-standard extension) the DNSname and CN fields. This is no longer the case. When the flagGNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDSis specified no wildcards are considered. Otherwise they are only considered if the domain name consists of three components or more, and the wildcard starts at the leftmost position. When the flagGNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHESis specified, the input will be treated as a DNS name, and matching of textual IP addresses against the IPAddress part of the alternative name will not be allowed. The functiongnutls_x509_crt_check_ip()is available for matching IP addresses.
non-zero for a successful match, and zero on failure.
3.3.0
Report bugs to <bugs@gnutls.org>. Home page:https://www.gnutls.org
Copyright © 2001-2023 Free Software Foundation, Inc., and others. Copying and distribution of this file, with or without modification, are permitted in any medium without royalty provided the copyright notice and this notice are preserved.
The full documentation forgnutlsis maintained as a Texinfo manual. If the /usr/share/doc/gnutls/ directory does not contain the HTML form visithttps://www.gnutls.org/manual/
This page is part of theGnuTLS (GnuTLS Transport Layer Security Library) project. Information about the project can be found at ⟨http://www.gnutls.org/⟩. If you have a bug report for this manual page, send it to bugs@gnutls.org. This page was obtained from the tarball fetched from ⟨https://www.gnupg.org/ftp/gcrypt/gnutls/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orggnutls 3.8.10gnutls_x509_c...heck_hostname2(3)HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |