Upgrade to OpenSSL 0.9.8h.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_cert_verify_callback.3
aac4ff6f 1.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sh \" Subsection heading
984263bc
MD
6.br
7.if t .Sp
8.ne 5
9.PP
10\fB\\$1\fR
11.PP
12..
e056f0e0 13.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
14.if t .sp .5v
15.if n .sp
16..
e056f0e0 17.de Vb \" Begin verbatim text
984263bc
MD
18.ft CW
19.nf
20.ne \\$1
21..
e056f0e0 22.de Ve \" End verbatim text
984263bc 23.ft R
984263bc
MD
24.fi
25..
e056f0e0
JR
26.\" Set up some character translations and predefined strings. \*(-- will
27.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
aac4ff6f
PA
28.\" double quote, and \*(R" will give a right double quote. | will give a
29.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
30.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
31.\" expand to `' in nroff, nothing in troff, for use with C<>.
32.tr \(*W-|\(bv\*(Tr
e056f0e0 33.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 34.ie n \{\
e056f0e0
JR
35. ds -- \(*W-
36. ds PI pi
37. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
38. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
39. ds L" ""
40. ds R" ""
41. ds C` ""
42. ds C' ""
984263bc
MD
43'br\}
44.el\{\
e056f0e0
JR
45. ds -- \|\(em\|
46. ds PI \(*p
47. ds L" ``
48. ds R" ''
984263bc 49'br\}
e056f0e0
JR
50.\"
51.\" If the F register is turned on, we'll generate index entries on stderr for
52.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
53.\" entries marked with X<> in POD. Of course, you'll have to process the
54.\" output yourself in some meaningful fashion.
55.if \nF \{\
56. de IX
57. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 58..
e056f0e0
JR
59. nr % 0
60. rr F
984263bc 61.\}
e056f0e0 62.\"
aac4ff6f
PA
63.\" For nroff, turn off justification. Always turn off hyphenation; it makes
64.\" way too many mistakes in technical documents.
65.hy 0
66.if n .na
67.\"
e056f0e0
JR
68.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
69.\" Fear. Run. Save yourself. No user-serviceable parts.
70. \" fudge factors for nroff and troff
984263bc 71.if n \{\
e056f0e0
JR
72. ds #H 0
73. ds #V .8m
74. ds #F .3m
75. ds #[ \f1
76. ds #] \fP
984263bc
MD
77.\}
78.if t \{\
e056f0e0
JR
79. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
80. ds #V .6m
81. ds #F 0
82. ds #[ \&
83. ds #] \&
984263bc 84.\}
e056f0e0 85. \" simple accents for nroff and troff
984263bc 86.if n \{\
e056f0e0
JR
87. ds ' \&
88. ds ` \&
89. ds ^ \&
90. ds , \&
91. ds ~ ~
92. ds /
984263bc
MD
93.\}
94.if t \{\
e056f0e0
JR
95. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
96. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
97. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
98. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
99. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
100. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 101.\}
e056f0e0 102. \" troff and (daisy-wheel) nroff accents
984263bc
MD
103.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
104.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
105.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
106.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
107.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
108.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
109.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
110.ds ae a\h'-(\w'a'u*4/10)'e
111.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 112. \" corrections for vroff
984263bc
MD
113.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
114.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 115. \" for low resolution devices (crt and lpr)
984263bc
MD
116.if \n(.H>23 .if \n(.V>19 \
117\{\
e056f0e0
JR
118. ds : e
119. ds 8 ss
120. ds o a
121. ds d- d\h'-1'\(ga
122. ds D- D\h'-1'\(hy
123. ds th \o'bp'
124. ds Th \o'LP'
125. ds ae ae
126. ds Ae AE
984263bc
MD
127.\}
128.rm #[ #] #H #V #F C
e056f0e0
JR
129.\" ========================================================================
130.\"
131.IX Title "SSL_CTX_set_cert_verify_callback 3"
aac4ff6f 132.TH SSL_CTX_set_cert_verify_callback 3 "2008-09-06" "0.9.8h" "OpenSSL"
984263bc
MD
133.SH "NAME"
134SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
135.SH "SYNOPSIS"
e056f0e0 136.IX Header "SYNOPSIS"
984263bc
MD
137.Vb 1
138\& #include <openssl/ssl.h>
aac4ff6f
PA
139.Ve
140.PP
141.Vb 1
984263bc
MD
142\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
143.Ve
144.SH "DESCRIPTION"
e056f0e0
JR
145.IX Header "DESCRIPTION"
146\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for
147\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at
148the time when \fISSL_new\fR\|(3) is called.
984263bc 149.SH "NOTES"
e056f0e0
JR
150.IX Header "NOTES"
151Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification
984263bc
MD
152function is called. If the application does not explicitly specify a
153verification callback function, the built-in verification function is used.
154If a verification callback \fIcallback\fR is specified via
e056f0e0
JR
155\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
156instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored.
984263bc
MD
157.PP
158When the verification must be performed, \fIcallback\fR will be called with
e056f0e0 159the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
984263bc
MD
160argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
161.PP
e056f0e0
JR
162\&\fIcallback\fR should return 1 to indicate verification success and 0 to
163indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR
984263bc
MD
164returns 0, the handshake will fail. Because the verification procedure may
165allow the connection to continue in case of failure (by always returning 1),
166the verification result must in every case be stored in the \fBerror\fR
167member of \fIx509_store_ctx\fR, so that the calling application is informed
aac4ff6f 168of the detailed result of the verification procedure (which it can read with \fISSL_get_verify_result\fR\|(3))!
984263bc
MD
169.PP
170Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR
e056f0e0 171function set using \fISSL_CTX_set_verify\fR\|(3).
984263bc 172.SH "WARNINGS"
e056f0e0 173.IX Header "WARNINGS"
984263bc 174Do not mix the verification callback described in this function with the
e056f0e0
JR
175\&\fBverify_callback\fR function called during the verification process. The
176latter is set using the \fISSL_CTX_set_verify\fR\|(3)
984263bc
MD
177family of functions.
178.PP
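179Providing a complete verification procedure, including certificate purpose
180settings etc., is a complex task: \fIcallback\fR is called instead of the built-in procedure, so none of the built-in checks run unless \fIcallback\fR performs them. The built-in procedure is quite powerful,
181and in most cases it should be sufficient to modify its behaviour using
182the \fBverify_callback\fR function.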
183.SH "BUGS"
e056f0e0 184.IX Header "BUGS"
984263bc 185.SH "RETURN VALUES"
e056f0e0
JR
186.IX Header "RETURN VALUES"
187\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
984263bc 188.SH "SEE ALSO"
e056f0e0
JR
189.IX Header "SEE ALSO"
190\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3),
191\&\fISSL_get_verify_result\fR\|(3),
192\&\fISSL_CTX_load_verify_locations\fR\|(3)
984263bc 193.SH "HISTORY"
e056f0e0 194.IX Header "HISTORY"
984263bc
MD
195Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR
196was ignored, and \fIcallback\fR was called simply as
197 int (*callback)(X509_STORE_CTX *)
198To compile software written for previous versions of OpenSSL, a dummy
199argument will have to be added to \fIcallback\fR.