1 files changed, 412 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_verify.3 b/src/lib/libssl/doc/SSL_CTX_set_verify.3
new file mode 100644
index 0000000000..6ce2e60089
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CTX_set_verify.3
@@ -0,0 +1,412 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_SET_VERIFY 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_verify ,
+.Nm SSL_set_verify ,
+.Nm SSL_CTX_set_verify_depth ,
+.Nm SSL_set_verify_depth
+.Nd set peer certificate verification parameters
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fo SSL_CTX_set_verify
+.Fa "SSL_CTX *ctx"
+.Fa "int mode"
+.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
+.Fc
+.Ft void
+.Fo SSL_set_verify
+.Fa "SSL *s"
+.Fa "int mode"
+.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
+.Fc
+.Ft void
+.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
+.Ft void
+.Fn SSL_set_verify_depth "SSL *s" "int depth"
+.Ft int
+.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_verify
+sets the verification flags for
+.Fa ctx
+to be
+.Fa mode
+and
+specifies the
+.Fa verify_callback
+function to be used.
+If no callback function shall be specified, the
+.Dv NULL
+pointer can be used for
+.Fa verify_callback .
+.Pp
+.Fn SSL_set_verify
+sets the verification flags for
+.Fa ssl
+to be
+.Fa mode
+and specifies the
+.Fa verify_callback
+function to be used.
+If no callback function shall be specified, the
+.Dv NULL
+pointer can be used for
+.Fa verify_callback .
+In this case last
+.Fa verify_callback
+set specifically for this
+.Fa ssl
+remains.
+If no special callback was set before, the default callback for the underlying
+.Fa ctx
+is used, that was valid at the time
+.Fa ssl
+was created with
+.Xr SSL_new 3 .
+.Pp
+.Fn SSL_CTX_set_verify_depth
+sets the maximum
+.Fa depth
+for the certificate chain verification that shall be allowed for
+.Fa ctx .
+(See the
+.Sx BUGS
+section.)
+.Pp
+.Fn SSL_set_verify_depth
+sets the maximum
+.Fa depth
+for the certificate chain verification that shall be allowed for
+.Fa ssl .
+(See the
+.Sx BUGS
+section.)
+.Sh NOTES
+The verification of certificates can be controlled by a set of bitwise ORed
+.Fa mode
+flags:
+.Bl -tag -width Ds
+.It Dv SSL_VERIFY_NONE
+.Em Server mode:
+the server will not send a client certificate request to the client,
+so the client will not send a certificate.
+.Pp
+.Em Client mode:
+if not using an anonymous cipher (by default disabled),
+the server will send a certificate which will be checked.
+The result of the certificate verification process can be checked after the
+TLS/SSL handshake using the
+.Xr SSL_get_verify_result 3
+function.
+The handshake will be continued regardless of the verification result.
+.It Dv SSL_VERIFY_PEER
+.Em Server mode:
+the server sends a client certificate request to the client.
+The certificate returned (if any) is checked.
+If the verification process fails,
+the TLS/SSL handshake is immediately terminated with an alert message
+containing the reason for the verification failure.
+The behaviour can be controlled by the additional
+.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+and
+.Dv SSL_VERIFY_CLIENT_ONCE
+flags.
+.Pp
+.Em Client mode:
+the server certificate is verified.
+If the verification process fails,
+the TLS/SSL handshake is immediately terminated with an alert message
+containing the reason for the verification failure.
+If no server certificate is sent, because an anonymous cipher is used,
+.Dv SSL_VERIFY_PEER
+is ignored.
+.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+.Em Server mode:
+if the client did not return a certificate, the TLS/SSL
+handshake is immediately terminated with a
+.Dq handshake failure
+alert.
+This flag must be used together with
+.Dv SSL_VERIFY_PEER.
+.Pp
+.Em Client mode:
+ignored
+.It Dv SSL_VERIFY_CLIENT_ONCE
+.Em Server mode:
+only request a client certificate on the initial TLS/SSL handshake.
+Do not ask for a client certificate again in case of a renegotiation.
+This flag must be used together with
+.Dv SSL_VERIFY_PEER .
+.Pp
+.Em Client mode:
+ignored
+.El
+.Pp
+Exactly one of the
+.Fa mode
+flags
+.Dv SSL_VERIFY_NONE
+and
+.Dv SSL_VERIFY_PEER
+must be set at any time.
+.Pp
+The actual verification procedure is performed either using the built-in
+verification procedure or using another application provided verification
+function set with
+.Xr SSL_CTX_set_cert_verify_callback 3 .
+The following descriptions apply in the case of the built-in procedure.
+An application provided procedure also has access to the verify depth
+information and the
+.Fa verify_callback Ns ()
+function, but the way this information is used may be different.
+.Pp
+.Fn SSL_CTX_set_verify_depth
+and
+.Fn SSL_set_verify_depth
+set the limit up to which depth certificates in a chain are used during the
+verification procedure.
+If the certificate chain is longer than allowed,
+the certificates above the limit are ignored.
+Error messages are generated as if these certificates would not be present,
+most likely a
+.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
+will be issued.
+The depth count is
+.Dq level 0: peer certificate ,
+.Dq level 1: CA certificate ,
+.Dq level 2: higher level CA certificate ,
+and so on.
+Setting the maximum depth to 2 allows the levels 0, 1, and 2.
+The default depth limit is 100,
+allowing for the peer certificate and an additional 100 CA certificates.
+.Pp
+The
+.Fa verify_callback
+function is used to control the behaviour when the
+.Dv SSL_VERIFY_PEER
+flag is set.
+It must be supplied by the application and receives two arguments:
+.Fa preverify_ok
+indicates whether the verification of the certificate in question was passed
+(preverify_ok=1) or not (preverify_ok=0).
+.Fa x509_ctx
+is a pointer to the complete context used
+for the certificate chain verification.
+.Pp
+The certificate chain is checked starting with the deepest nesting level
+(the root CA certificate) and worked upward to the peer's certificate.
+At each level signatures and issuer attributes are checked.
+Whenever a verification error is found, the error number is stored in
+.Fa x509_ctx
+and
+.Fa verify_callback
+is called with
+.Fa preverify_ok
+equal to 0.
+By applying
+.Fn X509_CTX_store_*
+functions
+.Fa verify_callback
+can locate the certificate in question and perform additional steps (see
+.Sx EXAMPLES ) .
+If no error is found for a certificate,
+.Fa verify_callback
+is called with
+.Fa preverify_ok
+equal to 1 before advancing to the next level.
+.Pp
+The return value of
+.Fa verify_callback
+controls the strategy of the further verification process.
+If
+.Fa verify_callback
+returns 0, the verification process is immediately stopped with
+.Dq verification failed
+state.
+If
+.Dv SSL_VERIFY_PEER
+is set, a verification failure alert is sent to the peer and the TLS/SSL
+handshake is terminated.
+If
+.Fa verify_callback
+returns 1, the verification process is continued.
+If
+.Fa verify_callback
+always returns 1,
+the TLS/SSL handshake will not be terminated with respect to verification
+failures and the connection will be established.
+The calling process can however retrieve the error code of the last
+verification error using
+.Xr SSL_get_verify_result 3
+or by maintaining its own error storage managed by
+.Fa verify_callback .
+.Pp
+If no
+.Fa verify_callback
+is specified, the default callback will be used.
+Its return value is identical to
+.Fa preverify_ok ,
+so that any verification
+failure will lead to a termination of the TLS/SSL handshake with an
+alert message, if
+.Dv SSL_VERIFY_PEER
+is set.
+.Sh RETURN VALUES
+The
+.Fn SSL*_set_verify*
+functions do not provide diagnostic information.
+.Sh EXAMPLES
+The following code sequence realizes an example
+.Fa verify_callback
+function that will always continue the TLS/SSL handshake regardless of
+verification failure, if wished.
+The callback realizes a verification depth limit with more informational output.
+.Pp
+All verification errors are printed;
+information about the certificate chain is printed on request.
+The example is realized for a server that does allow but not require client
+certificates.
+.Pp
+The example makes use of the ex_data technique to store application data
+into/retrieve application data from the
+.Vt SSL
+structure (see
+.Xr SSL_get_ex_new_index 3 ,
+.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
+.Bd -literal
+\&...
+typedef struct {
+        int     verbose_mode;
+        int     verify_depth;
+        int     always_continue;
+} mydata_t;
+int mydata_index;
+\&...
+static int
+verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
+{
+        char buf[256];
+        X509 *err_cert;
+        int err, depth;
+        SSL *ssl;
+        mydata_t *mydata;
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        err = X509_STORE_CTX_get_error(ctx);
+        depth = X509_STORE_CTX_get_error_depth(ctx);
+        /*
+         * Retrieve the pointer to the SSL of the connection currently
+         * treated * and the application specific data stored into the
+         * SSL object.
+         */
+        ssl = X509_STORE_CTX_get_ex_data(ctx,
+            SSL_get_ex_data_X509_STORE_CTX_idx());
+        mydata = SSL_get_ex_data(ssl, mydata_index);
+        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
+        /*
+         * Catch a too long certificate chain. The depth limit set using
+         * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
+         * that whenever the "depth>verify_depth" condition is met, we
+         * have violated the limit and want to log this error condition.
+         * We must do it here, because the CHAIN_TOO_LONG error would not
+         * be found explicitly; only errors introduced by cutting off the
+         * additional certificates would be logged.
+         */
+        if (depth > mydata->verify_depth) {
+                preverify_ok = 0;
+                err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+                X509_STORE_CTX_set_error(ctx, err);
+        }
+        if (!preverify_ok) {
+                printf("verify error:num=%d:%s:depth=%d:%s\en", err,
+                    X509_verify_cert_error_string(err), depth, buf);
+        } else if (mydata->verbose_mode) {
+                printf("depth=%d:%s\en", depth, buf);
+        }
+        /*
+         * At this point, err contains the last verification error.
+         * We can use it for something special
+         */
+        if (!preverify_ok && (err ==
+            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
+                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
+                    buf, 256);
+                printf("issuer= %s\en", buf);
+        }
+        if (mydata->always_continue)
+                return 1;
+        else
+                return preverify_ok;
+}
+\&...
+mydata_t mydata;
+\&...
+mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
+\&...
+SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
+    verify_callback);
+/*
+ * Let the verify_callback catch the verify_depth error so that we get
+ * an appropriate error in the logfile.
+ */
+SSL_CTX_set_verify_depth(verify_depth + 1);
+/*
+ * Set up the SSL specific data into "mydata" and store it into the SSL
+ * structure.
+ */
+mydata.verify_depth = verify_depth; ...
+SSL_set_ex_data(ssl, mydata_index, &mydata);
+\&...
+SSL_accept(ssl); /* check of success left out for clarity */
+if (peer = SSL_get_peer_certificate(ssl)) {
+        if (SSL_get_verify_result(ssl) == X509_V_OK) {
+                /* The client sent a certificate which verified OK */
+        }
+}
+.Ed
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_get_verify_mode 3 ,
+.Xr SSL_CTX_load_verify_locations 3 ,
+.Xr SSL_CTX_set_cert_verify_callback 3 ,
+.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
+.Xr SSL_get_ex_new_index 3 ,
+.Xr SSL_get_peer_certificate 3 ,
+.Xr SSL_get_verify_result 3 ,
+.Xr SSL_new 3
+.Sh BUGS
+In client mode, it is not checked whether the
+.Dv SSL_VERIFY_PEER
+flag is set, but whether
+.Dv SSL_VERIFY_NONE
+is not set.
+This can lead to unexpected behaviour, if the
+.Dv SSL_VERIFY_PEER
+and
+.Dv SSL_VERIFY_NONE
+are not used as required (exactly one must be set at any time).
+.Pp
+The certificate verification depth set with
+.Fn SSL[_CTX]_verify_depth
+stops the verification at a certain depth.
+The error message produced will be that of an incomplete certificate chain and
+not
+.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
+as may be expected.

diff --git a/src/lib/libssl/doc/SSL_CTX_set_verify.3 b/src/lib/libssl/doc/SSL_CTX_set_verify.3 new file mode 100644 index 0000000000..6ce2e60089 --- /dev/null +++ b/src/lib/libssl/doc/SSL_CTX_set_verify.3
@@ -0,0 +1,412 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CTX_SET_VERIFY 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CTX_set_verify ,
	6	.Nm SSL_set_verify ,
	7	.Nm SSL_CTX_set_verify_depth ,
	8	.Nm SSL_set_verify_depth
	9	.Nd set peer certificate verification parameters
	10	.Sh SYNOPSIS
	11	.In openssl/ssl.h
	12	.Ft void
	13	.Fo SSL_CTX_set_verify
	14	.Fa "SSL_CTX *ctx"
	15	.Fa "int mode"
	16	.Fa "int (verify_callback)(int, X509_STORE_CTX )"
	17	.Fc
	18	.Ft void
	19	.Fo SSL_set_verify
	20	.Fa "SSL *s"
	21	.Fa "int mode"
	22	.Fa "int (verify_callback)(int, X509_STORE_CTX )"
	23	.Fc
	24	.Ft void
	25	.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
	26	.Ft void
	27	.Fn SSL_set_verify_depth "SSL *s" "int depth"
	28	.Ft int
	29	.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
	30	.Sh DESCRIPTION
	31	.Fn SSL_CTX_set_verify
	32	sets the verification flags for
	33	.Fa ctx
	34	to be
	35	.Fa mode
	36	and
	37	specifies the
	38	.Fa verify_callback
	39	function to be used.
	40	If no callback function shall be specified, the
	41	.Dv NULL
	42	pointer can be used for
	43	.Fa verify_callback .
	44	.Pp
	45	.Fn SSL_set_verify
	46	sets the verification flags for
	47	.Fa ssl
	48	to be
	49	.Fa mode
	50	and specifies the
	51	.Fa verify_callback
	52	function to be used.
	53	If no callback function shall be specified, the
	54	.Dv NULL
	55	pointer can be used for
	56	.Fa verify_callback .
	57	In this case last
	58	.Fa verify_callback
	59	set specifically for this
	60	.Fa ssl
	61	remains.
	62	If no special callback was set before, the default callback for the underlying
	63	.Fa ctx
	64	is used, that was valid at the time
	65	.Fa ssl
	66	was created with
	67	.Xr SSL_new 3 .
	68	.Pp
	69	.Fn SSL_CTX_set_verify_depth
	70	sets the maximum
	71	.Fa depth
	72	for the certificate chain verification that shall be allowed for
	73	.Fa ctx .
	74	(See the
	75	.Sx BUGS
	76	section.)
	77	.Pp
	78	.Fn SSL_set_verify_depth
	79	sets the maximum
	80	.Fa depth
	81	for the certificate chain verification that shall be allowed for
	82	.Fa ssl .
	83	(See the
	84	.Sx BUGS
	85	section.)
	86	.Sh NOTES
	87	The verification of certificates can be controlled by a set of bitwise ORed
	88	.Fa mode
	89	flags:
	90	.Bl -tag -width Ds
	91	.It Dv SSL_VERIFY_NONE
	92	.Em Server mode:
	93	the server will not send a client certificate request to the client,
	94	so the client will not send a certificate.
	95	.Pp
	96	.Em Client mode:
	97	if not using an anonymous cipher (by default disabled),
	98	the server will send a certificate which will be checked.
	99	The result of the certificate verification process can be checked after the
	100	TLS/SSL handshake using the
	101	.Xr SSL_get_verify_result 3
	102	function.
	103	The handshake will be continued regardless of the verification result.
	104	.It Dv SSL_VERIFY_PEER
	105	.Em Server mode:
	106	the server sends a client certificate request to the client.
	107	The certificate returned (if any) is checked.
	108	If the verification process fails,
	109	the TLS/SSL handshake is immediately terminated with an alert message
	110	containing the reason for the verification failure.
	111	The behaviour can be controlled by the additional
	112	.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	113	and
	114	.Dv SSL_VERIFY_CLIENT_ONCE
	115	flags.
	116	.Pp
	117	.Em Client mode:
	118	the server certificate is verified.
	119	If the verification process fails,
	120	the TLS/SSL handshake is immediately terminated with an alert message
	121	containing the reason for the verification failure.
	122	If no server certificate is sent, because an anonymous cipher is used,
	123	.Dv SSL_VERIFY_PEER
	124	is ignored.
	125	.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	126	.Em Server mode:
	127	if the client did not return a certificate, the TLS/SSL
	128	handshake is immediately terminated with a
	129	.Dq handshake failure
	130	alert.
	131	This flag must be used together with
	132	.Dv SSL_VERIFY_PEER.
	133	.Pp
	134	.Em Client mode:
	135	ignored
	136	.It Dv SSL_VERIFY_CLIENT_ONCE
	137	.Em Server mode:
	138	only request a client certificate on the initial TLS/SSL handshake.
	139	Do not ask for a client certificate again in case of a renegotiation.
	140	This flag must be used together with
	141	.Dv SSL_VERIFY_PEER .
	142	.Pp
	143	.Em Client mode:
	144	ignored
	145	.El
	146	.Pp
	147	Exactly one of the
	148	.Fa mode
	149	flags
	150	.Dv SSL_VERIFY_NONE
	151	and
	152	.Dv SSL_VERIFY_PEER
	153	must be set at any time.
	154	.Pp
	155	The actual verification procedure is performed either using the built-in
	156	verification procedure or using another application provided verification
	157	function set with
	158	.Xr SSL_CTX_set_cert_verify_callback 3 .
	159	The following descriptions apply in the case of the built-in procedure.
	160	An application provided procedure also has access to the verify depth
	161	information and the
	162	.Fa verify_callback Ns ()
	163	function, but the way this information is used may be different.
	164	.Pp
	165	.Fn SSL_CTX_set_verify_depth
	166	and
	167	.Fn SSL_set_verify_depth
	168	set the limit up to which depth certificates in a chain are used during the
	169	verification procedure.
	170	If the certificate chain is longer than allowed,
	171	the certificates above the limit are ignored.
	172	Error messages are generated as if these certificates would not be present,
	173	most likely a
	174	.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
	175	will be issued.
	176	The depth count is
	177	.Dq level 0: peer certificate ,
	178	.Dq level 1: CA certificate ,
	179	.Dq level 2: higher level CA certificate ,
	180	and so on.
	181	Setting the maximum depth to 2 allows the levels 0, 1, and 2.
	182	The default depth limit is 100,
	183	allowing for the peer certificate and an additional 100 CA certificates.
	184	.Pp
	185	The
	186	.Fa verify_callback
	187	function is used to control the behaviour when the
	188	.Dv SSL_VERIFY_PEER
	189	flag is set.
	190	It must be supplied by the application and receives two arguments:
	191	.Fa preverify_ok
	192	indicates whether the verification of the certificate in question was passed
	193	(preverify_ok=1) or not (preverify_ok=0).
	194	.Fa x509_ctx
	195	is a pointer to the complete context used
	196	for the certificate chain verification.
	197	.Pp
	198	The certificate chain is checked starting with the deepest nesting level
	199	(the root CA certificate) and worked upward to the peer's certificate.
	200	At each level signatures and issuer attributes are checked.
	201	Whenever a verification error is found, the error number is stored in
	202	.Fa x509_ctx
	203	and
	204	.Fa verify_callback
	205	is called with
	206	.Fa preverify_ok
	207	equal to 0.
	208	By applying
	209	.Fn X509_CTX_store_*
	210	functions
	211	.Fa verify_callback
	212	can locate the certificate in question and perform additional steps (see
	213	.Sx EXAMPLES ) .
	214	If no error is found for a certificate,
	215	.Fa verify_callback
	216	is called with
	217	.Fa preverify_ok
	218	equal to 1 before advancing to the next level.
	219	.Pp
	220	The return value of
	221	.Fa verify_callback
	222	controls the strategy of the further verification process.
	223	If
	224	.Fa verify_callback
	225	returns 0, the verification process is immediately stopped with
	226	.Dq verification failed
	227	state.
	228	If
	229	.Dv SSL_VERIFY_PEER
	230	is set, a verification failure alert is sent to the peer and the TLS/SSL
	231	handshake is terminated.
	232	If
	233	.Fa verify_callback
	234	returns 1, the verification process is continued.
	235	If
	236	.Fa verify_callback
	237	always returns 1,
	238	the TLS/SSL handshake will not be terminated with respect to verification
	239	failures and the connection will be established.
	240	The calling process can however retrieve the error code of the last
	241	verification error using
	242	.Xr SSL_get_verify_result 3
	243	or by maintaining its own error storage managed by
	244	.Fa verify_callback .
	245	.Pp
	246	If no
	247	.Fa verify_callback
	248	is specified, the default callback will be used.
	249	Its return value is identical to
	250	.Fa preverify_ok ,
	251	so that any verification
	252	failure will lead to a termination of the TLS/SSL handshake with an
	253	alert message, if
	254	.Dv SSL_VERIFY_PEER
	255	is set.
	256	.Sh RETURN VALUES
	257	The
	258	.Fn SSL_set_verify
	259	functions do not provide diagnostic information.
	260	.Sh EXAMPLES
	261	The following code sequence realizes an example
	262	.Fa verify_callback
	263	function that will always continue the TLS/SSL handshake regardless of
	264	verification failure, if wished.
	265	The callback realizes a verification depth limit with more informational output.
	266	.Pp
	267	All verification errors are printed;
	268	information about the certificate chain is printed on request.
	269	The example is realized for a server that does allow but not require client
	270	certificates.
	271	.Pp
	272	The example makes use of the ex_data technique to store application data
	273	into/retrieve application data from the
	274	.Vt SSL
	275	structure (see
	276	.Xr SSL_get_ex_new_index 3 ,
	277	.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
	278	.Bd -literal
	279	\&...
	280
	281	typedef struct {
	282	int verbose_mode;
	283	int verify_depth;
	284	int always_continue;
	285	} mydata_t;
	286	int mydata_index;
	287	\&...
	288	static int
	289	verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
	290	{
	291	char buf[256];
	292	X509 *err_cert;
	293	int err, depth;
	294	SSL *ssl;
	295	mydata_t *mydata;
	296
	297	err_cert = X509_STORE_CTX_get_current_cert(ctx);
	298	err = X509_STORE_CTX_get_error(ctx);
	299	depth = X509_STORE_CTX_get_error_depth(ctx);
	300
	301	/*
	302	* Retrieve the pointer to the SSL of the connection currently
	303	* treated * and the application specific data stored into the
	304	* SSL object.
	305	*/
	306	ssl = X509_STORE_CTX_get_ex_data(ctx,
	307	SSL_get_ex_data_X509_STORE_CTX_idx());
	308	mydata = SSL_get_ex_data(ssl, mydata_index);
	309
	310	X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
	311
	312	/*
	313	* Catch a too long certificate chain. The depth limit set using
	314	* SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
	315	* that whenever the "depth>verify_depth" condition is met, we
	316	* have violated the limit and want to log this error condition.
	317	* We must do it here, because the CHAIN_TOO_LONG error would not
	318	* be found explicitly; only errors introduced by cutting off the
	319	* additional certificates would be logged.
	320	*/
	321	if (depth > mydata->verify_depth) {
	322	preverify_ok = 0;
	323	err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
	324	X509_STORE_CTX_set_error(ctx, err);
	325	}
	326	if (!preverify_ok) {
	327	printf("verify error:num=%d:%s:depth=%d:%s\en", err,
	328	X509_verify_cert_error_string(err), depth, buf);
	329	} else if (mydata->verbose_mode) {
	330	printf("depth=%d:%s\en", depth, buf);
	331	}
	332
	333	/*
	334	* At this point, err contains the last verification error.
	335	* We can use it for something special
	336	*/
	337	if (!preverify_ok && (err ==
	338	X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
	339	X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
	340	buf, 256);
	341	printf("issuer= %s\en", buf);
	342	}
	343
	344	if (mydata->always_continue)
	345	return 1;
	346	else
	347	return preverify_ok;
	348	}
	349	\&...
	350
	351	mydata_t mydata;
	352
	353	\&...
	354
	355	mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
	356
	357	\&...
	358
	359	SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER\|SSL_VERIFY_CLIENT_ONCE,
	360	verify_callback);
	361
	362	/*
	363	* Let the verify_callback catch the verify_depth error so that we get
	364	* an appropriate error in the logfile.
	365	*/
	366	SSL_CTX_set_verify_depth(verify_depth + 1);
	367
	368	/*
	369	* Set up the SSL specific data into "mydata" and store it into the SSL
	370	* structure.
	371	*/
	372	mydata.verify_depth = verify_depth; ...
	373	SSL_set_ex_data(ssl, mydata_index, &mydata);
	374
	375	\&...
	376
	377	SSL_accept(ssl); /* check of success left out for clarity */
	378	if (peer = SSL_get_peer_certificate(ssl)) {
	379	if (SSL_get_verify_result(ssl) == X509_V_OK) {
	380	/* The client sent a certificate which verified OK */
	381	}
	382	}
	383	.Ed
	384	.Sh SEE ALSO
	385	.Xr ssl 3 ,
	386	.Xr SSL_CTX_get_verify_mode 3 ,
	387	.Xr SSL_CTX_load_verify_locations 3 ,
	388	.Xr SSL_CTX_set_cert_verify_callback 3 ,
	389	.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
	390	.Xr SSL_get_ex_new_index 3 ,
	391	.Xr SSL_get_peer_certificate 3 ,
	392	.Xr SSL_get_verify_result 3 ,
	393	.Xr SSL_new 3
	394	.Sh BUGS
	395	In client mode, it is not checked whether the
	396	.Dv SSL_VERIFY_PEER
	397	flag is set, but whether
	398	.Dv SSL_VERIFY_NONE
	399	is not set.
	400	This can lead to unexpected behaviour, if the
	401	.Dv SSL_VERIFY_PEER
	402	and
	403	.Dv SSL_VERIFY_NONE
	404	are not used as required (exactly one must be set at any time).
	405	.Pp
	406	The certificate verification depth set with
	407	.Fn SSL[_CTX]_verify_depth
	408	stops the verification at a certain depth.
	409	The error message produced will be that of an incomplete certificate chain and
	410	not
	411	.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
	412	as may be expected.