From aa4d426b4d3527d7e166df1a05058c9a4a0f6683 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Fri, 30 Apr 2021 00:33:56 +0200 Subject: initial/final commit --- .../doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 74 ++++++++++++++++++++++ 1 file changed, 74 insertions(+) create mode 100644 openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod (limited to 'openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod') diff --git a/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod new file mode 100644 index 0000000..af303f2 --- /dev/null +++ b/openssl-1.1.0h/doc/ssl/SSL_CTX_set_cert_verify_callback.pod @@ -0,0 +1,74 @@ +=pod + +=head1 NAME + +SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure + +=head1 SYNOPSIS + + #include + + void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *, void *), void *arg); + +=head1 DESCRIPTION + +SSL_CTX_set_cert_verify_callback() sets the verification callback function for +I. SSL objects that are created from I inherit the setting valid at +the time when L is called. + +=head1 NOTES + +Whenever a certificate is verified during a SSL/TLS handshake, a verification +function is called. If the application does not explicitly specify a +verification callback function, the built-in verification function is used. +If a verification callback I is specified via +SSL_CTX_set_cert_verify_callback(), the supplied callback function is called +instead. By setting I to NULL, the default behaviour is restored. + +When the verification must be performed, I will be called with +the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The +argument I is specified by the application when setting I. + +I should return 1 to indicate verification success and 0 to +indicate verification failure. If SSL_VERIFY_PEER is set and I +returns 0, the handshake will fail. As the verification procedure may +allow to continue the connection in case of failure (by always returning 1) +the verification result must be set in any case using the B +member of I so that the calling application will be informed +about the detailed result of the verification procedure! + +Within I, I has access to the I +function set using L. + +=head1 WARNINGS + +Do not mix the verification callback described in this function with the +B function called during the verification process. The +latter is set using the L +family of functions. + +Providing a complete verification procedure including certificate purpose +settings etc is a complex task. The built-in procedure is quite powerful +and in most cases it should be sufficient to modify its behaviour using +the B function. + +=head1 BUGS + +SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. + +=head1 SEE ALSO + +L, L, +L, +L + +=head1 COPYRIGHT + +Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3