NAME
X509_STORE_CTX_set_verify,
X509_STORE_CTX_get_verify —
user-defined certificate chain
verification function
SYNOPSIS
#include
<openssl/x509_vfy.h>
void
X509_STORE_CTX_set_verify(X509_STORE_CTX
*ctx, int (*verify)(X509_STORE_CTX *));
int
(*X509_STORE_CTX_get_verify(X509_STORE_CTX
*ctx))(X509_STORE_CTX *ctx);
DESCRIPTION
X509_STORE_CTX_set_verify()
configures ctx to use the verify
argument as the X.509 certificate chain verification function instead of the
default verification function built into the library when
X509_verify_cert(3) is called.
The verify function provided by the user is
only called if the X509_V_FLAG_LEGACY_VERIFY or
X509_V_FLAG_NO_ALT_CHAINS flag was set on
ctx using
X509_STORE_CTX_set_flags(3) or
X509_VERIFY_PARAM_set_flags(3). Otherwise, it is ignored and
a different algorithm is used that does not support replacing the
verification function.
RETURN VALUES
X509_STORE_CTX_get_verify() returns a
function pointer to the function previously set with
X509_STORE_CTX_set_verify() or
X509_STORE_CTX_init(3), or NULL if
ctx is uninitialized.
SEE ALSO
X509_STORE_CTX_init(3), X509_STORE_CTX_set_error(3), X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_STORE_new(3), X509_STORE_set_flags(3), X509_STORE_set_verify_cb(3), X509_verify_cert(3), X509_VERIFY_PARAM_set_flags(3)
HISTORY
X509_STORE_CTX_set_verify() and
X509_STORE_CTX_get_verify() first appeared in
OpenSSL 1.1.0 and have been available since OpenBSD
7.1.