Complete a certificate chain.
Once a certificate chain has been built its status can be examined.
This operation will lookup missing certificates in PKCS#11 modules and also that each certificate in the chain is the signer of the previous one. If a trust anchor, pinned certificate, or self-signed certificate is found, then the chain is considered built. Any extra certificates are removed from the chain.
It's important to understand that building of a certificate chain does not constitute verifying that chain. This is merely the first step towards trust verification.
The purpose
is a string like gcr_purpose_client_auth and is the purpose for which the
certificate chain will be used. Trust anchors are looked up for this purpose. This argument is required.
The peer
is usually the host name of the peer whith which this certificate chain is being used. It is used to look up pinned
certificates that have been stored for this peer. If null then no pinned certificates will be
considered.
If the gcr_certificate_chain_no_lookups flag is specified then no lookups for anchors or pinned certificates are done, and the resulting chain will be neither anchored or pinned. Additionally no missing certificate authorities are looked up in PKCS#11
This call will block, see build_async for the asynchronous version.
this |
the CertificateChain |
purpose |
the purpose the certificate chain will be used for |
peer |
the peer the certificate chain will be used with, or null |
flags |
chain completion flags |
cancellable |
a Cancellable or null |
whether the operation completed successfully |