path: root/src/lib/libcrypto/man/X509_verify_cert.3
.\"	$OpenBSD: X509_verify_cert.3,v 1.2 2016/11/06 15:52:50 jmc Exp $
.\"
.Dd $Mdocdate: November 6 2016 $
.Dt X509_VERIFY_CERT 3
.Os
.Sh NAME
.Nm X509_verify_cert
.Nd discover and verify X509 certificate chain
.Sh SYNOPSIS
.In openssl/x509.h
.Ft int
.Fo X509_verify_cert
.Fa "X509_STORE_CTX *ctx"
.Fc
.Sh DESCRIPTION
The
.Fn X509_verify_cert
function attempts to discover and validate a certificate chain based on
parameters in
.Fa ctx .
.Pp
Applications rarely call this function directly, but it is used by
OpenSSL internally for certificate validation, in both the S/MIME and
SSL/TLS code.
.Sh RETURN VALUES
If a complete chain can be built and validated, this function returns 1,
otherwise it returns 0.
.Pp
In exceptional circumstances, it can also return a negative code,
but only if no certificate is set in
.Fa ctx
due to a programming error or if a retry operation is requested
during internal lookups, which never happens with standard lookup
methods.
It is however recommended that applications treat any return value <= 0
as an error.
.Pp
If the function fails, additional error information can be obtained
by examining
.Fa ctx ,
for example using
.Xr X509_STORE_CTX_get_error 3 .
.Sh SEE ALSO
.Xr X509_STORE_CTX_get_error 3
and the
.Cm verify
entry in
.Xr openssl 1
.Sh HISTORY
.Fn X509_verify_cert
is available in all versions of SSLeay and OpenSSL.
.Sh BUGS
This function uses the header
.In openssl/x509.h
as opposed to most chain verification functions which use
.In openssl/x509_vfy.h .