OpenBSD manual page server

Manual Page Search Parameters

X509_STORE_CTX_SET_VERIFY(3) Library Functions Manual X509_STORE_CTX_SET_VERIFY(3)

X509_STORE_CTX_verify_fn, X509_STORE_CTX_set_verify, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_set_verify_func, X509_STORE_get_verifyuser-defined certificate chain verification function

#include <openssl/x509_vfy.h>

typedef int
(*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx);

void
X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);

X509_STORE_CTX_verify_fn
X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);

void
X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify);

void
X509_STORE_set_verify_func(X509_STORE *store, X509_STORE_CTX_verify_fn verify);

X509_STORE_CTX_verify_fn
X509_STORE_get_verify(X509_STORE_CTX *ctx);

() configures ctx to use the verify argument as the X.509 certificate chain verification function instead of the default verification function built into the library when X509_verify_cert(3) is called.

The verify function provided by the user is only called if the X509_V_FLAG_LEGACY_VERIFY or X509_V_FLAG_NO_ALT_CHAINS flag was set on ctx using X509_STORE_CTX_set_flags(3) or X509_VERIFY_PARAM_set_flags(3). Otherwise, it is ignored and a different algorithm is used that does not support replacing the verification function.

() saves the function pointer verify in the given store object. That pointer will be copied to an X509_STORE_CTX object when store is later passed as an argument to X509_STORE_CTX_init(3).

() is an alias for X509_STORE_set_verify() implemented as a macro.

X509_STORE_CTX_verify_fn() is supposed to return 1 to indicate that the chain is valid or 0 if it is not or if an error occurred.

X509_STORE_CTX_get_verify() returns a function pointer previously set with X509_STORE_CTX_set_verify() or X509_STORE_CTX_init(3), or NULL if ctx is uninitialized.

X509_STORE_get_verify() returns the function pointer previously set with X509_STORE_set_verify(), or NULL if that function was not called on the store.

X509_STORE_CTX_init(3), X509_STORE_CTX_set_error(3), X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_STORE_new(3), X509_STORE_set_flags(3), X509_STORE_set_verify_cb(3), X509_verify_cert(3), X509_VERIFY_PARAM_set_flags(3)

X509_STORE_set_verify_func() first appeared in SSLeay 0.8.0 and has been available since OpenBSD 2.4.

X509_STORE_CTX_set_verify() and X509_STORE_CTX_get_verify() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.1.

X509_STORE_CTX_verify_fn(), X509_STORE_set_verify(), and X509_STORE_get_verify() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.2.

November 16, 2022 OpenBSD-current