OpenBSD manual page server

Manual Page Search Parameters

X509_STORE_CTX_SET_VERIFY(3) Library Functions Manual X509_STORE_CTX_SET_VERIFY(3)

X509_STORE_CTX_set_verify, X509_STORE_CTX_get_verifyuser-defined certificate chain verification function

#include <openssl/x509_vfy.h>

void
X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, int (*verify)(X509_STORE_CTX *));

int
(*X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx))(X509_STORE_CTX *ctx);

() configures ctx to use the verify argument as the X.509 certificate chain verification function instead of the default verification function built into the library when X509_verify_cert(3) is called.

The verify function provided by the user is only called if the X509_V_FLAG_LEGACY_VERIFY or X509_V_FLAG_NO_ALT_CHAINS flag was set on ctx using X509_STORE_CTX_set_flags(3) or X509_VERIFY_PARAM_set_flags(3). Otherwise, it is ignored and a different algorithm is used that does not support replacing the verification function.

X509_STORE_CTX_get_verify() returns a function pointer to the function previously set with X509_STORE_CTX_set_verify() or X509_STORE_CTX_init(3), or NULL if ctx is uninitialized.

X509_STORE_CTX_init(3), X509_STORE_CTX_set_error(3), X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_STORE_new(3), X509_STORE_set_flags(3), X509_STORE_set_verify_cb(3), X509_verify_cert(3), X509_VERIFY_PARAM_set_flags(3)

X509_STORE_CTX_set_verify() and X509_STORE_CTX_get_verify() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.1.

November 23, 2021 OpenBSD-current