Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_cert_verify_callback.3
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
e056f0e0 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
e056f0e0 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
e056f0e0 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
e056f0e0
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
e056f0e0 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
e056f0e0
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
e056f0e0
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
e056f0e0 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
e056f0e0 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
e056f0e0
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
e056f0e0
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
e056f0e0
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
e056f0e0
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
e056f0e0
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
e056f0e0
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
e056f0e0 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
e056f0e0
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
e056f0e0
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
e056f0e0 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
e056f0e0
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
e056f0e0
JR
124.\" ========================================================================
125.\"
126.IX Title "SSL_CTX_set_cert_verify_callback 3"
e3261593 127.TH SSL_CTX_set_cert_verify_callback 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc
MD
132.SH "NAME"
133SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
134.SH "SYNOPSIS"
e056f0e0 135.IX Header "SYNOPSIS"
984263bc
MD
136.Vb 1
137\& #include <openssl/ssl.h>
e257b235 138\&
984263bc
MD
139\& void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);
140.Ve
141.SH "DESCRIPTION"
e056f0e0
JR
142.IX Header "DESCRIPTION"
143\&\fISSL_CTX_set_cert_verify_callback()\fR sets the verification callback function for
144\&\fIctx\fR. \s-1SSL\s0 objects that are created from \fIctx\fR inherit the setting valid at
145the time when \fISSL_new\fR\|(3) is called.
984263bc 146.SH "NOTES"
e056f0e0
JR
147.IX Header "NOTES"
148Whenever a certificate is verified during a \s-1SSL/TLS\s0 handshake, a verification
984263bc
MD
149function is called. If the application does not explicitly specify a
150verification callback function, the built-in verification function is used.
151If a verification callback \fIcallback\fR is specified via
e056f0e0
JR
152\&\fISSL_CTX_set_cert_verify_callback()\fR, the supplied callback function is called
153instead. By setting \fIcallback\fR to \s-1NULL\s0, the default behaviour is restored.
984263bc
MD
154.PP
155When the verification must be performed, \fIcallback\fR will be called with
e056f0e0 156the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The
984263bc
MD
157argument \fIarg\fR is specified by the application when setting \fIcallback\fR.
158.PP
e056f0e0
JR
159\&\fIcallback\fR should return 1 to indicate verification success and 0 to
160indicate verification failure. If \s-1SSL_VERIFY_PEER\s0 is set and \fIcallback\fR
984263bc
MD
161returns 0, the handshake will fail. Because the verification procedure may
162allow the connection to continue even if verification fails (by always returning 1),
163the verification result must in every case be recorded in the \fBerror\fR
164member of \fIx509_store_ctx\fR, so that the calling application is informed
e257b235 165about the detailed result of the verification procedure (see \fISSL_get_verify_result\fR\|(3))!
984263bc
MD
166.PP
167Within \fIx509_store_ctx\fR, \fIcallback\fR has access to the \fIverify_callback\fR
e056f0e0 168function set using \fISSL_CTX_set_verify\fR\|(3).
984263bc 169.SH "WARNINGS"
e056f0e0 170.IX Header "WARNINGS"
984263bc 171Do not mix the verification callback described in this function with the
e056f0e0
JR
172\&\fBverify_callback\fR function called during the verification process. The
173latter is set using the \fISSL_CTX_set_verify\fR\|(3)
984263bc
MD
174family of functions.
175.PP
176Providing a complete verification procedure including certificate purpose
177settings, etc., is a complex task. The built-in procedure is quite powerful
178and in most cases it should be sufficient to modify its behaviour using
179the \fBverify_callback\fR function.
180.SH "BUGS"
e056f0e0 181.IX Header "BUGS"
984263bc 182.SH "RETURN VALUES"
e056f0e0
JR
183.IX Header "RETURN VALUES"
184\&\fISSL_CTX_set_cert_verify_callback()\fR does not provide diagnostic information.
984263bc 185.SH "SEE ALSO"
e056f0e0
JR
186.IX Header "SEE ALSO"
187\&\fIssl\fR\|(3), \fISSL_CTX_set_verify\fR\|(3),
188\&\fISSL_get_verify_result\fR\|(3),
189\&\fISSL_CTX_load_verify_locations\fR\|(3)
984263bc 190.SH "HISTORY"
e056f0e0 191.IX Header "HISTORY"
984263bc
MD
192Previous to OpenSSL 0.9.7, the \fIarg\fR argument to \fBSSL_CTX_set_cert_verify_callback\fR
193was ignored, and \fIcallback\fR was called simply as
194 int (*callback)(X509_STORE_CTX *)
195To compile software written for previous versions of OpenSSL, a dummy
196argument will have to be added to \fIcallback\fR.