



@deftypefun {int} {gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status})
@var{session}: is a gnutls session

@var{status}: is the output of the verification

This function will try to verify the peer's certificate and return
its status (trusted, invalid etc.).  The value of  @code{status} should
be one or more of the gnutls_certificate_status_t enumerated
elements bitwise or'd. To avoid denial of service attacks some
default upper limits regarding the certificate key size and chain
size are set. To override them use
@code{gnutls_certificate_set_verify_limits()} .

Note that you must also check the peer's name in order to check if
the verified certificate belongs to the actual peer.

This function uses @code{gnutls_x509_crt_list_verify()}  with the CAs in
the credentials as trusted CAs.

@strong{Returns:} a negative error code on error and @code{GNUTLS_E_SUCCESS}  (0) on success.
@end deftypefun
