From 478dc838cb27a358d6b5158ee627a40c0cf7a818 Mon Sep 17 00:00:00 2001
From: schwarze <>
Date: Thu, 29 Jul 2021 10:13:45 +0000
Subject: Document X509_STORE_set_verify_func(3), mostly using text from the OpenSSL 1.1.1 branch, which is still under a free license, tweaked by me. While here, garbage collect the weird BUGS section.
---
 .../libcrypto/man/X509_STORE_set_verify_cb_func.3 | 40 +++++++++++++++++-----
 1 file changed, 32 insertions(+), 8 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
index 052c28b6a8..59b1feff77 100644
--- a/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+++ b/src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
@@ -1,5 +1,6 @@
-.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.9 2020/03/29 17:05:02 schwarze Exp $
-.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $
+.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
+.\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson .
 .\" Copyright (c) 2009 The OpenSSL Project. All rights reserved.
@@ -48,12 +49,13 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 29 2020 $
+.Dd $Mdocdate: July 29 2021 $
 .Dt X509_STORE_SET_VERIFY_CB_FUNC 3
 .Os
 .Sh NAME
 .Nm X509_STORE_set_verify_cb ,
-.Nm X509_STORE_set_verify_cb_func
+.Nm X509_STORE_set_verify_cb_func ,
+.Nm X509_STORE_set_verify_func
 .Nd set verification callback
 .Sh SYNOPSIS
 .In openssl/x509_vfy.h
@@ -67,6 +69,11 @@
 .Fa "X509_STORE *st"
 .Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
 .Fc
+.Ft void
+.Fo X509_STORE_set_verify_func
+.Fa "X509_STORE *st"
+.Fa "int (*verify_func)(X509_STORE_CTX *ctx)"
+.Fc
 .Sh DESCRIPTION
 .Fn X509_STORE_set_verify_cb
 sets the verification callback of
@@ -86,17 +93,34 @@ structure when it is initialized.
 This can be used to set the verification callback when the
 .Vt X509_STORE_CTX
 is otherwise inaccessible (for example during S/MIME verification).
+.Pp
+.Fn X509_STORE_set_verify_func
+sets the final chain verification function for
+.Fa st
+to
+.Fa verify_func .
+Its purpose is to go through the chain of certificates and check
+that all signatures are valid and that the current time is within
+the limits of each certificate's first and last validity time.
+The final chain verification function
+must return 0 on failure and 1 on success.
+If
+.Fn X509_STORE_set_verify_func
+is not called or called with
+.Fa verify_func
+set to a
+.Dv NULL
+pointer, the built-in default function is used.
 .Sh SEE ALSO
 .Xr X509_STORE_CTX_set_verify_cb 3 ,
 .Xr X509_STORE_new 3
 .Sh HISTORY
 .Fn X509_STORE_set_verify_cb_func
-first appeared in SSLeay 0.8.0 and has been available since
+and
+.Fn X509_STORE_set_verify_func
+first appeared in SSLeay 0.8.0 and have been available since
 .Ox 2.4 .
 .Pp
 .Fn X509_STORE_set_verify_cb
 first appeared in OpenSSL 1.0.0 and has been available since
 .Ox 4.9 .
-.Sh BUGS
-The macro version of this function was the only one available before
-OpenSSL 1.0.0.
-- 
cgit v1.2.3-55-g6feb