Command: X509_STORE_CTX_set_verify | Section: 3 | Source: OpenBSD | File: X509_STORE_CTX_set_verify.3
X509_STORE_CTX_SET_VERIFY(3) FreeBSD Library Functions Manual
NAME
X509_STORE_CTX_verify_fn, X509_STORE_CTX_set_verify,
X509_STORE_CTX_get_verify, X509_STORE_set_verify,
X509_STORE_set_verify_func, X509_STORE_get_verify,
X509_STORE_CTX_check_issued_fn, X509_STORE_set_check_issued,
X509_STORE_get_check_issued, X509_STORE_CTX_get_check_issued - user-defined certificate chain verification function
SYNOPSIS
#include <openssl/x509_vfy.h>
typedef int
(*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *ctx);
void
X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
X509_STORE_CTX_verify_fn verify);
X509_STORE_CTX_verify_fn
X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
void
X509_STORE_set_verify(X509_STORE *store,
X509_STORE_CTX_verify_fn verify);
void
X509_STORE_set_verify_func(X509_STORE *store,
X509_STORE_CTX_verify_fn verify);
X509_STORE_CTX_verify_fn
X509_STORE_get_verify(X509_STORE *store);
typedef int
(*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, X509 *subject,
X509 *issuer);
void
X509_STORE_set_check_issued(X509_STORE *store,
X509_STORE_CTX_check_issued_fn check_issued);
X509_STORE_CTX_check_issued_fn
X509_STORE_get_check_issued(X509_STORE *store);
X509_STORE_CTX_check_issued_fn
X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
DESCRIPTION
X509_STORE_CTX_set_verify() configures ctx to use the verify argument as
the X.509 certificate chain verification function instead of the default
verification function built into the library when X509_verify_cert(3) is
called.
The verify function provided by the user is only called if the
X509_V_FLAG_LEGACY_VERIFY or X509_V_FLAG_NO_ALT_CHAINS flag was set on
ctx using X509_STORE_CTX_set_flags(3) or X509_VERIFY_PARAM_set_flags(3).
Otherwise, it is ignored and a different algorithm is used that does not
support replacing the verification function.
X509_STORE_set_verify() saves the function pointer verify in the given
store object. That pointer will be copied to an X509_STORE_CTX object
when store is later passed as an argument to X509_STORE_CTX_init(3).
X509_STORE_set_verify_func() is an alias for X509_STORE_set_verify()
implemented as a macro.
X509_STORE_set_check_issued() saves the function pointer check_issued in
the given store object. That pointer will be copied to an X509_STORE_CTX
object when store is later passed as an argument to
X509_STORE_CTX_init(3).
The check_issued function provided by the user should check whether a
given certificate subject was issued using the CA certificate issuer, and
must return 0 on failure and 1 on success. The default implementation
ignores the ctx argument and returns success if and only if
X509_check_issued(3) returns X509_V_OK. It is important to pay close
attention to the order of the issuer and subject arguments. In
X509_check_issued(3) the issuer precedes the subject while in
check_issued() the subject comes first.
RETURN VALUES
A function of type X509_STORE_CTX_verify_fn must return 1 to indicate that
the chain is valid, or 0 if it is not or if an error occurred.
X509_STORE_CTX_get_verify() returns a function pointer previously set
with X509_STORE_CTX_set_verify() or X509_STORE_CTX_init(3), or NULL if
ctx is uninitialized.
X509_STORE_get_verify() returns the function pointer previously set with
X509_STORE_set_verify(), or NULL if that function was not called on the
store.
X509_STORE_get_check_issued() returns the function pointer previously set
with X509_STORE_set_check_issued(), or NULL if that function was not
called on the store.
X509_STORE_CTX_get_check_issued() returns the check_issued() function
pointer set on the X509_STORE_CTX. This is either the check_issued()
function inherited from the store used in X509_STORE_CTX_init(3) or the
library's default implementation.
SEE ALSO
X509_check_issued(3), X509_STORE_CTX_init(3),
X509_STORE_CTX_set_error(3), X509_STORE_CTX_set_flags(3),
X509_STORE_CTX_set_verify_cb(3), X509_STORE_new(3),
X509_STORE_set_flags(3), X509_STORE_set_verify_cb(3),
X509_verify_cert(3), X509_VERIFY_PARAM_set_flags(3)
HISTORY
X509_STORE_set_verify_func() first appeared in SSLeay 0.8.0 and has been
available since OpenBSD 2.4.
X509_STORE_CTX_set_verify() and X509_STORE_CTX_get_verify() first
appeared in OpenSSL 1.1.0 and have been available since OpenBSD 7.1.
X509_STORE_CTX_verify_fn(), X509_STORE_set_verify(), and
X509_STORE_get_verify() first appeared in OpenSSL 1.1.0 and have been
available since OpenBSD 7.2.
X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), and
X509_STORE_CTX_get_check_issued() first appeared in OpenSSL 1.1.0 and
have been available since OpenBSD 7.3.
BUGS
The reversal of order of subject and issuer between check_issued() and
X509_check_issued(3) is very confusing. It has led to bugs and will
cause many more.
FreeBSD 14.1-RELEASE-p8 June 7, 2024 FreeBSD 14.1-RELEASE-p8