SSL_CTX_set_cert_verify_callSSL_CTX_set_cert_verify_callback(3)





NAME
       SSL_CTX_set_cert_verify_callback - set peer certificate
       verification procedure

SYNOPSIS
        #include <openssl/ssl.h>

        void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);

DESCRIPTION
       SSL_CTX_set_cert_verify_callback() sets the verification
       callback function for ctx. SSL objects that are created
       from ctx inherit the setting valid at the time when
       SSL_new(3) is called.

NOTES
       Whenever a certificate is verified during a SSL/TLS
       handshake, a verification function is called. If the
       application does not explicitly specify a verification
       callback function, the built-in verification function is
       used.  If a verification callback callback is specified
       via SSL_CTX_set_cert_verify_callback(), the supplied
       callback function is called instead. By setting callback
       to NULL, the default behaviour is restored.

       When the verification must be performed, callback will
       be called with the arguments callback(X509_STORE_CTX
       *x509_store_ctx, void *arg). The argument arg is speci-
       fied by the application when setting callback.

       callback should return 1 to indicate verification suc-
       cess and 0 to indicate verification failure. If SSL_VER-
       IFY_PEER is set and callback returns 0, the handshake
       will fail. As the verification procedure may allow to
       continue the connection in case of failure (by always
       returning 1) the verification result must be set in any
       case using the error member of x509_store_ctx so that
       the calling application will be informed about the
       detailed result of the verification procedure!

       Within x509_store_ctx, callback has access to the ver-
       ify_callback function set using SSL_CTX_set_verify(3).

WARNINGS
       Do not mix the verification callback described in this
       function with the verify_callback function called during
       the verification process. The latter is set using the
       SSL_CTX_set_verify(3) family of functions.

       Providing a complete verification procedure including
       certificate purpose settings etc is a complex task. The
       built-in procedure is quite powerful and in most cases
       it should be sufficient to modify its behaviour using
       the verify_callback function.

BUGS
RETURN VALUES
       SSL_CTX_set_cert_verify_callback() does not provide
       diagnostic information.

SEE ALSO
       ssl(3), SSL_CTX_set_verify(3), SSL_get_verify_result(3),
       SSL_CTX_load_verify_locations(3)

HISTORY
       Previous to OpenSSL 0.9.7, the arg argument to
       SSL_CTX_set_cert_verify_callback was ignored, and call-
       back was called simply as
        int (*callback)(X509_STORE_CTX *) To compile software
       written for previous versions of OpenSSL, a dummy argu-
       ment will have to be added to callback.



0.9.7c                     2SSL_CTX_set_cert_verify_callback(3)
