Manual Page Result
0
Command: SSL_set1_param | Section: 3 | Source: OpenBSD | File: SSL_set1_param.3
SSL_SET1_PARAM(3) FreeBSD Library Functions Manual SSL_SET1_PARAM(3)
NAME
SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param -
get and set verification parameters
SYNOPSIS
#include <openssl/ssl.h>
X509_VERIFY_PARAM *
SSL_CTX_get0_param(SSL_CTX *ctx);
X509_VERIFY_PARAM *
SSL_get0_param(SSL *ssl);
int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
DESCRIPTION
SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to
the verification parameters for ctx or ssl, respectively. The returned
pointer must not be freed by the calling application, but the application
can modify the parameters pointed to, to suit its needs: for example to
add a hostname check.
SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters
to vpm for ctx or ssl.
RETURN VALUES
SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an
X509_VERIFY_PARAM structure.
SSL_CTX_set1_param() and SSL_set1_param() return 1 for success or 0 for
failure.
EXAMPLES
Check that the hostname matches www.foo.com in the peer certificate:
X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
SEE ALSO
ssl(3), X509_VERIFY_PARAM_set_flags(3)
HISTORY
SSL_CTX_set1_param() and SSL_set1_param() first appeared in OpenSSL 1.0.0
and have been available since OpenBSD 4.9.
SSL_CTX_get0_param() and SSL_get0_param() first appeared in OpenSSL 1.0.2
and have been available since OpenBSD 6.3.
FreeBSD 14.1-RELEASE-p8 September 10, 2022 FreeBSD 14.1-RELEASE-p8