NAME
X509_STORE_CTX_verify_fn, X509_STORE_CTX_set_verify, X509_STORE_CTX_get_verify, X509_STORE_set_verify, X509_STORE_set_verify_func, X509_STORE_get_verify — user-defined certificate chain verification function
SYNOPSIS
#include <openssl/x509_vfy.h>

typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx);

void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);

X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);

void X509_STORE_set_verify(X509_STORE *store, X509_STORE_CTX_verify_fn verify);

void X509_STORE_set_verify_func(X509_STORE *store, X509_STORE_CTX_verify_fn verify);

X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE_CTX *ctx);
DESCRIPTION
X509_STORE_CTX_set_verify() configures ctx to use the verify argument as the X.509 certificate chain verification function instead of the default verification function built into the library when X509_verify_cert(3) is called.

The verify function provided by the user is only called if the X509_V_FLAG_LEGACY_VERIFY or X509_V_FLAG_NO_ALT_CHAINS flag was set on ctx using X509_STORE_CTX_set_flags(3) or X509_VERIFY_PARAM_set_flags(3). Otherwise, it is ignored and a different algorithm is used that does not support replacing the verification function.

X509_STORE_set_verify() saves the function pointer verify in the given store object. That pointer will be copied to an X509_STORE_CTX object when store is later passed as an argument to X509_STORE_CTX_init(3).

X509_STORE_set_verify_func() is an alias for X509_STORE_set_verify() implemented as a macro.
RETURN VALUES
X509_STORE_CTX_verify_fn() is supposed to return 1 to indicate that the chain is valid or 0 if it is not or if an error occurred.

X509_STORE_CTX_get_verify() returns a function pointer previously set with X509_STORE_CTX_set_verify() or X509_STORE_CTX_init(3), or NULL if ctx is uninitialized.

X509_STORE_get_verify() returns the function pointer previously set with X509_STORE_set_verify(), or NULL if that function was not called on the store.
SEE ALSO
X509_STORE_CTX_init(3), X509_STORE_CTX_set_error(3), X509_STORE_CTX_set_flags(3), X509_STORE_CTX_set_verify_cb(3), X509_STORE_new(3), X509_STORE_set_flags(3), X509_STORE_set_verify_cb(3), X509_verify_cert(3), X509_VERIFY_PARAM_set_flags(3)
HISTORY
X509_STORE_set_verify_func() first appeared in SSLeay 0.8.0 and has been available since OpenBSD 2.4.

X509_STORE_CTX_set_verify() and X509_STORE_CTX_get_verify() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.1.

X509_STORE_CTX_verify_fn(), X509_STORE_set_verify(), and X509_STORE_get_verify() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.2.