Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

SSL_CTX_set_cert_verify_callbOSSL_CTX_set_cert_verify_callback(3)

NAME
       SSL_CTX_set_cert_verify_callback - set peer certificate
       verification procedure

SYNOPSIS
	#include <openssl/ssl.h>

	void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
					      char *arg);
	int (*callback)();

DESCRIPTION
       SSL_CTX_set_cert_verify_callback() sets the verification
       callback function for ctx. SSL objects, that are created
       from ctx inherit the setting valid at the time, SSL_new(3)
       is called. arg is currently ignored.

NOTES
       Whenever a certificate is verified during a SSL/TLS
       handshake, a verification function is called. If the
       application does not explicitly specify a verification
       callback function, the built-in verification function is
       used.  If a verification callback callback is specified
       via SSL_CTX_set_cert_verify_callback(), the supplied
       callback function is called instead. By setting callback
       to NULL, the default behaviour is restored.

       When the verification must be performed, callback will be
       called with the argument callback(X509_STORE_CTX
       *x509_store_ctx). The arguments arg that can be specified
       when setting callback are currently ignored.

       callback should return 1 to indicate verification success
       and 0 to indicate verification failure. If SSL_VERIFY_PEER
       is set and callback returns 0, the handshake will fail. As
       the verification procedure may allow to continue the
       connection in case of failure (by always returning 1) the
       verification result must be set in any case using the
       error member of x509_store_ctx, so that the calling
       application will be informed about the detailed result of
       the verification procedure!

       Within x509_store_ctx, callback has access to the
       verify_callback function set using SSL_CTX_set_verify(3).

WARNINGS
       Do not mix the verification callback described in this
       function with the verify_callback function called during
       the verification process. The latter is set using the
       SSL_CTX_set_verify(3) family of functions.

       Providing a complete verification procedure including
       certificate purpose settings etc is a complex task. The
       built-in procedure is quite powerful and in most cases it
       should be sufficient to modify its behaviour using the
       verify_callback function.

BUGS
       It is possible to specify arguments to be passed to the
       verification callback.  Currently they are however not
       passed but ignored.

       The callback function is not specified via a prototype, so
       that no type checking takes place.

RETURN VALUES
       SSL_CTX_set_cert_verify_callback() does not provide
       diagnostic information.

SEE ALSO
       ssl(3), SSL_CTX_set_verify(3), SSL_get_verify_result(3),
       SSL_CTX_load_verify_locations(3)

23/Aug/2001		      SSL_CTX_set_cert_verify_callback(3)

Vote for polarhome