NSSLContextSetFlags

Syntax

#include <cafe.h>
#include <cafe/nssl/nsslclient.h>

NSSL_RVAL NSSLContextSetFlags(NSSLContextHandle context,                        
                              unsigned long flags);

Parameters

context The context for which the flags need to be set.
flags Bitmask of the flags that need to be set. The bitmask can be a bitwise OR combination of any of the following: NSSL_CTX_FLAG_CRL_CHECK_LEAF, NSSL_CTX_FLAG_CRL_CHECK_CHAIN. For more information on the flags, see the Description section below.

Return Values

NSSL_RVAL_OK on success, error code of type NSSL_RVAL on failure.

Description

Sets flags for the context that control behavior during verification of server certificate. Below is the meaning of the flags:

NSSL_CTX_FLAG_CRL_CHECK_LEAF: Enables Certificate Revocation List (CRL) checking only for the leaf certificate. Appropriate CRL for the leaf certificate must be added to the context with NSSLAddCRLExternal, otherwise peer certificate validation will fail with status code of NSSL_CERT_V_ERR_UNABLE_TO_GET_CRL.

NSSL_CTX_FLAG_CRL_CHECK_CHAIN: Enables Certificate Revocation List (CRL) checking for the rest of the certificate chain. This flag is valid and effective only if NSSL_CTX_FLAG_CRL_CHECK_LEAF is also set. Appropriate CRLs for certificates in the certificate chain must be added to the context with NSSLAddCRLExternal, otherwise peer certificate validation will fail with status code of NSSL_CERT_V_ERR_UNABLE_TO_GET_CRL.

Do Not Call From

Callbacks Do not call this function from any callback function.
Interrupt handler Do not call this function from any interrupt handler.
Exception handler Do not call this function from any exception handler.

See Also

NSSLContextClearFlags
NSSLContextGetFlags
NSSLAddCRLExternal

Revision History

2014/06/02 Initial version.


CONFIDENTIAL