<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head profile="http://internetalchemy.org/2003/02/profile">
<link rel="foaf" type="application/rdf+xml" title="FOAF" href="http://www.openlinksw.com/dataspace/uda/about.rdf" />
<link rel="schema.dc" href="http://purl.org/dc/elements/1.1/" />
<meta name="dc.title" content="Function: x509_certificate_verify - Virtuoso Functions Guide" />
<meta name="dc.subject" content="Function: x509_certificate_verify - Virtuoso Functions Guide" />
<meta name="dc.creator" content="OpenLink Software Documentation Team ; " />
<meta name="dc.copyright" content="OpenLink Software, 1999 - 2009" />
<link rel="top" href="index.html" title="OpenLink Virtuoso Universal Server: Documentation" />
<link rel="search" href="/doc/adv_search.vspx" title="Search OpenLink Virtuoso Universal Server: Documentation" />
<link rel="parent" href="functions.html" title="Chapter Contents" />
<link rel="prev" href="appendixa.html" title="Appendix" />
<link rel="next" href="functions.html#.html" title="" />
<link rel="shortcut icon" href="../images/misc/favicon.ico" type="image/x-icon" />
<link rel="stylesheet" type="text/css" href="doc.css" />
<link rel="stylesheet" type="text/css" href="/doc/translation.css" />
<title>Function: x509_certificate_verify - Virtuoso Functions Guide</title>
<meta http-equiv="Content-Type" content="text/xhtml; charset=UTF-8" />
<meta name="author" content="OpenLink Software Documentation Team ; " />
<meta name="copyright" content="OpenLink Software, 1999 - 2009" />
<meta name="keywords" content="" />
<meta name="GENERATOR" content="OpenLink XSLT Team" />
</head>
<body>
<div id="header">
<a name="fn_x509_certificate_verify" />
<img src="../images/misc/logo.jpg" alt="" />
<h1>22. Virtuoso Functions Guide - x509_certificate_verify</h1>
</div>
<div id="navbartop">
<div>
<a class="link" href="functions.html">Chapter Contents</a> | <a class="link" href="fn_dsig_template_ext.html" title="dsig_template_ext">Prev</a> | <a class="link" href="fn_xenc_X509_certificate_serialize.html" title="xenc_X509_certificate_serialize">Next</a>
</div>
</div>
<div id="currenttoc">
<form method="post" action="/doc/adv_search.vspx">
<div class="search">Keyword Search: <br />
<input type="text" name="q" /> <input type="submit" name="go" value="Go" />
</div>
</form>
<div>
<a href="http://www.openlinksw.com/">www.openlinksw.com</a>
</div>
<div>
<a href="http://docs.openlinksw.com/">docs.openlinksw.com</a>
</div>
<br />
<div>
<a href="index.html">Book Home</a>
</div>
<br />
<div>
<a href="contents.html">Contents</a>
</div>
<div>
<a href="preface.html">Preface</a>
</div>
<br />
<div>
<a class="selected" href="functions.html">Virtuoso Functions Guide</a>
</div>
<br />
<div>
<a href="functions.html#admin">Administration</a>
</div>
<div>
<a href="functions.html#aggr">Aggregate Functions</a>
</div>
<div>
<a href="functions.html#array">Array Manipulation</a>
</div>
<div>
<a href="functions.html#bpel">BPEL APIs</a>
</div>
<div>
<a href="functions.html#backup">Backup</a>
</div>
<div>
<a href="functions.html#compression">Compression</a>
</div>
<div>
<a href="functions.html#cursors">Cursor</a>
</div>
<div>
<a href="functions.html#time">Date & Time Manipulation</a>
</div>
<div>
<a href="functions.html#debug">Debug</a>
</div>
<div>
<a href="functions.html#dict">Dictionary Manipulation</a>
</div>
<div>
<a href="functions.html#encoding">Encoding & Decoding</a>
</div>
<div>
<a href="functions.html#file">File Manipulation</a>
</div>
<div>
<a href="functions.html#ft">Free Text</a>
</div>
<div>
<a class="selected" href="functions.html#hash">Hashing / Cryptographic</a>
</div>
<div class="selected">
<div>
<a href="fn_dsig_template_ext.html">dsig_template_ext</a>
</div>
<div>
<a href="fn_md5.html">md5</a>
</div>
<div>
<a href="fn_md5_final.html">md5_final</a>
</div>
<div>
<a href="fn_md5_init.html">md5_init</a>
</div>
<div>
<a href="fn_md5_update.html">md5_update</a>
</div>
<div>
<a href="fn_tree_md5.html">tree_md5</a>
</div>
<div>
<a class="selected" href="fn_x509_certificate_verify.html">x509_certificate_ver...</a>
</div>
<div>
<a href="fn_x509_csr_generate.html">x509_csr_generate</a>
</div>
<div>
<a href="fn_xenc_SPKI_read.html">xenc_spki_read</a>
</div>
<div>
<a href="fn_xenc_X509_certificate_serialize.html">xenc_x509_certificat...</a>
</div>
<div>
<a href="fn_xenc_bn2dec.html">xenc_bn2dec</a>
</div>
<div>
<a href="fn_xenc_decrypt_soap.html">xenc_decrypt_soap</a>
</div>
<div>
<a href="fn_xenc_delete_temp_keys.html">xenc_delete_temp_key...</a>
</div>
<div>
<a href="fn_xenc_encrypt.html">xenc_encrypt</a>
</div>
<div>
<a href="fn_xenc_get_key_algo.html">xenc_get_key_algo</a>
</div>
<div>
<a href="fn_xenc_get_key_identifier.html">xenc_get_key_identif...</a>
</div>
<div>
<a href="fn_xenc_key_3DES_create.html">xenc_key_3des_create</a>
</div>
<div>
<a href="fn_xenc_key_3DES_rand_create.html">xenc_key_3des_rand_c...</a>
</div>
<div>
<a href="fn_xenc_key_3DES_read.html">xenc_key_3des_read</a>
</div>
<div>
<a href="fn_xenc_key_AES_create.html">xenc_key_aes_create</a>
</div>
<div>
<a href="fn_xenc_key_AES_rand_create.html">xenc_key_aes_rand_cr...</a>
</div>
<div>
<a href="fn_xenc_key_DSA_create.html">xenc_key_dsa_create</a>
</div>
<div>
<a href="fn_xenc_key_DSA_read.html">xenc_key_dsa_read</a>
</div>
<div>
<a href="fn_xenc_key_RSA_create.html">xenc_key_rsa_create</a>
</div>
<div>
<a href="fn_xenc_key_RSA_read.html">xenc_key_rsa_read</a>
</div>
<div>
<a href="fn_xenc_key_create_cert.html">xenc_key_create_cert</a>
</div>
<div>
<a href="fn_xenc_key_exists.html">xenc_key_exists</a>
</div>
<div>
<a href="fn_xenc_key_inst_create.html">xenc_key_inst_create</a>
</div>
<div>
<a href="fn_xenc_key_remove.html">xenc_key_remove</a>
</div>
<div>
<a href="fn_xenc_key_serialize.html">xenc_key_serialize</a>
</div>
<div>
<a href="fn_xenc_pem_export.html">xenc_pem_export</a>
</div>
<div>
<a href="fn_xenc_pkcs12_export.html">xenc_pkcs12_export</a>
</div>
<div>
<a href="fn_xenc_set_primary_key.html">xenc_set_primary_key</a>
</div>
<div>
<a href="fn_xenc_x509_generate.html">xenc_x509_generate</a>
</div>
<div>
<a href="fn_xenc_x509_ss_generate.html">xenc_x509_ss_generat...</a>
</div>
</div>
<div>
<a href="functions.html#ldap">LDAP</a>
</div>
<div>
<a href="functions.html#localization">Locale</a>
</div>
<div>
<a href="functions.html#mail">Mail</a>
</div>
<div>
<a href="functions.html#misc">Miscellaneous</a>
</div>
<div>
<a href="functions.html#number">Number</a>
</div>
<div>
<a href="functions.html#phrz">Phrases</a>
</div>
<div>
<a href="functions.html#rdf">RDF data</a>
</div>
<div>
<a href="functions.html#rmt">Remote SQL Data Source</a>
</div>
<div>
<a href="functions.html#repl">Replication</a>
</div>
<div>
<a href="functions.html#soap">SOAP</a>
</div>
<div>
<a href="functions.html#sql">SQL</a>
</div>
<div>
<a href="functions.html#string">String</a>
</div>
<div>
<a href="functions.html#txn">Transaction</a>
</div>
<div>
<a href="functions.html#type">Type Mapping</a>
</div>
<div>
<a href="functions.html#uddi">UDDI</a>
</div>
<div>
<a href="functions.html#udt">User Defined Types & The CLR</a>
</div>
<div>
<a href="functions.html#vad">VAD</a>
</div>
<div>
<a href="functions.html#jvmpl">Virtuoso Java PL API</a>
</div>
<div>
<a href="functions.html#bif">Virtuoso Server Extension Interface (VSEI)</a>
</div>
<div>
<a href="functions.html#ws">Web & Internet</a>
</div>
<div>
<a href="functions.html#xml">XML</a>
</div>
<div>
<a href="functions.html#XPATH">XPATH & XQUERY</a>
</div>
<br />
<div>
<a href="functionidx.html">Functions Index</a>
</div>
<br />
</div>
<div id="text">
<h2>x509_certificate_verify</h2>
<div class="refpurpose">Verifies X.509 certificate</div>
<div class="funcsynopsis">
<span class="funcdef">varchar <span class="function">x509_certificate_verify</span>
</span>
(<span class="paramdef">in <span class="parameter">cert</span> varchar</span>,
<span class="paramdef">in <span class="parameter">cacerts</span> any</span>,
<span class="paramdefoptional">[in <span class="optional">flags</span> varchar]</span>);
</div>
<div class="refsect1">
<div class="refsect1title">Description</div>
<p>
This function takes a X.509 certificate and verifies it against
list of CA certificates. It checks for various certificate
attributes such as self signed, expiration date etc.
If an error is detected it will be signalled.
</p>
<p>
The certificates are passed as a strings containing X.509
certificate binary data in DER (raw) format.
</p>
</div>
<div class="refsect1">
<div class="refsect1title">Parameters</div>
<div class="refsect2">
<span class="refsect2title">cert – </span>
The X.509 certificate to be verified</div>
<div class="refsect2">
<span class="refsect2title">cacerts – </span>
array of strings containing CA certificates</div>
<div class="refsect2">
<span class="refsect2title">flags – </span>
A string containing comma separated list of verification options. See table below for valid values.
<table class="data">
<caption>Table: 22.1. Values for flags</caption>
<tr>
<th class="data">Option</th>
<th class="data">Description</th>
</tr>
<tr>
<td class="data">expired</td>
<td class="data">Do not check for expiration</td>
</tr>
<tr>
<td class="data">self-signed</td>
<td class="data">Do not treat self signed certificate as error</td>
</tr>
<tr>
<td class="data">invalid-ca</td>
<td class="data">Ignore invalid CA</td>
</tr>
<tr>
<td class="data">invalid-purpose</td>
<td class="data">Ignore invalid certificate purpose</td>
</tr>
<tr>
<td class="data">unhandled-extension</td>
<td class="data">Ignore unhandled critical extension</td>
</tr>
</table>
<br />
</div>
</div>
<div class="refsect1">
<div class="refsect1title">Return Types</div>
<p>None</p>
</div>
<div class="refsect1title">Errors</div>
<table class="data">
<tr>
<th class="data">SQLState</th>
<th class="data">Error Code</th>
<th class="data">Error Text</th>
<th class="data">Description</th>
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR014" />
<span class="errorcode">CR014</span>
</td>
<td class="data">
<span class="errorname">Invalid certificate</span>
</td>
<td class="data">The input can't be decoded as a X.509 certificate</td>
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR016" />
<span class="errorcode">CR016</span>
</td>
<td class="data">
<span class="errorname">Can not allocate a X509 store</span>
</td>
<td class="data" />
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR019" />
<span class="errorcode">CR019</span>
</td>
<td class="data">
<span class="errorname">Invalid CA certificate</span>
</td>
<td class="data">Some of CA certificates can not be loaded due to bad format</td>
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR017" />
<span class="errorcode">CR017</span>
</td>
<td class="data">
<span class="errorname">Can not allocate X509 verification context</span>
</td>
<td class="data" />
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR018" />
<span class="errorcode">CR018</span>
</td>
<td class="data">
<span class="errorname">Can not initialize X509 verification context</span>
</td>
<td class="data" />
</tr>
<tr>
<td class="data">
<a name="err22023" />
<span class="errorcode">22023</span>
</td>
<td class="data">
<a name="errCR015" />
<span class="errorcode">CR015</span>
</td>
<td class="data">
<span class="errorname">X509 error: [the verification error text]</span>
</td>
<td class="data" />
</tr>
</table>
<br />
<p />
<div class="refsect1">
<div class="refsect1title">Examples</div>
<a name="ex_x509_certificate_verify" />
<div class="example">
<div class="exampletitle">Verification of a X.509 certificate</div>
<div>
<pre class="programlisting">
SQL> x509_certificate_verify (file_to_string ('keys/srv/cert.cer'), vector (file_to_string ('keys/srv/ca.cer')), 'self-signed');
Done. -- 29 msec.
</pre>
</div>
</div>
</div>
<div class="refsect1">
<div class="refsect1title">See Also</div>
<p>
<a href="fn_get_certificate_info.html">get_certificate_info()</a>
</p>
</div>
</div>
<div id="footer">
<div>Copyright© 1999 - 2009 OpenLink Software All rights reserved.</div>
<div id="validation">
<a href="http://validator.w3.org/check/referer">
<img src="http://www.w3.org/Icons/valid-xhtml10" alt="Valid XHTML 1.0!" height="31" width="88" />
</a>
<a href="http://jigsaw.w3.org/css-validator/">
<img src="http://jigsaw.w3.org/css-validator/images/vcss" alt="Valid CSS!" height="31" width="88" />
</a>
</div>
</div>
</body>
</html>
distrib
>
Fedora
>
14
>
x86_64
>
media
>
updates
>
by-pkgid
>
71d40963b505df4524269198e237b3e3
>
files
>
687
