OpenBSD manual page server

Manual Page Search Parameters

SSL_SET1_PARAM(3) Library Functions Manual SSL_SET1_PARAM(3)

SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_paramget and set verification parameters

#include <openssl/ssl.h>

X509_VERIFY_PARAM *
SSL_CTX_get0_param(SSL_CTX *ctx);

X509_VERIFY_PARAM *
SSL_get0_param(SSL *ssl);

int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);

int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

() and () retrieve an internal pointer to the verification parameters for ctx or ssl, respectively. The returned pointer must not be freed by the calling application, but the application can modify the parameters pointed to, to suit its needs: for example to add a hostname check.

() and () set the verification parameters to vpm for ctx or ssl.

SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an X509_VERIFY_PARAM structure.

SSL_CTX_set1_param() and SSL_set1_param() return 1 for success or 0 for failure.

Check that the hostname matches www.foo.com in the peer certificate:

X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);

ssl(3), X509_VERIFY_PARAM_set_flags(3)

SSL_CTX_set1_param() and SSL_set1_param() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

SSL_CTX_get0_param() and SSL_get0_param() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 6.3.

September 10, 2022 OpenBSD-7.3