Windows PowerShell command on Get-command SSL_CTX_set_cert_verify_callback
MyWebUniversity

Manual Pages for UNIX Operating System command usage for man SSL_CTX_set_cert_verify_callback




OpenSSL                SSL_CTX_set_cert_verify_callback(3openssl)




NNNNAAAAMMMMEEEE

     SSL_CTX_set_cert_verify_callback - set peer certificate

     verification procedure

SSSSYYYYNNNNOOOOPPPPSSSSIIIISSSS

      #include 



      void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg);



DDDDEEEESSSSCCCCRRRRIIIIPPPPTTTTIIIIOOOONNNN

     SSL_CTX_set_cert_verify_callback() sets the verification

     callback function for ctx. SSL objects that are created from

     ctx inherit the setting valid at the time when SSL_new(3) is

     called.

NNNNOOOOTTTTEEEESSSS

     Whenever a certificate is verified during a SSL/TLS
     handshake, a verification function is called. If the
     application does not explicitly specify a verification

     callback function, the built-in verification function is

     used.  If a verification callback callback is specified via

     SSL_CTX_set_cert_verify_callback(), the supplied callback

     function is called instead. By setting callback to NULL, the
     default behaviour is restored.

     When the verification must be performed, callback will be

     called with the arguments callback(X509_STORE_CTX

     *x509_store_ctx, void *arg). The argument arg is specified

     by the application when setting callback.

     callback should return 1 to indicate verification success

     and 0 to indicate verification failure. If SSL_VERIFY_PEER

     is set and callback returns 0, the handshake will fail. As
     the verification procedure may allow to continue the
     connection in case of failure (by always returning 1) the
     verification result must be set in any case using the eeeerrrrrrrroooorrrr

     member of x509_store_ctx so that the calling application

     will be informed about the detailed result of the
     verification procedure!


     Within x509_store_ctx, callback has access to the

     verify_callback function set using SSL_CTX_set_verify(3).


WWWWAAAARRRRNNNNIIIINNNNGGGGSSSS
     Do not mix the verification callback described in this

     function with the vvvveeeerrrriiiiffffyyyy_ccccaaaallllllllbbbbaaaacccckkkk function called during the

     verification process. The latter is set using the

     SSL_CTX_set_verify(3) family of functions.


     Providing a complete verification procedure including
     certificate purpose settings etc is a complex task. The




28/Feb/2002            Last change: 0.9.8o                      1







OpenSSL                SSL_CTX_set_cert_verify_callback(3openssl)





     built-in procedure is quite powerful and in most cases it

     should be sufficient to modify its behaviour using the

     vvvveeeerrrriiiiffffyyyy_ccccaaaallllllllbbbbaaaacccckkkk function.


BBBBUUUUGGGGSSSS
RRRREEEETTTTUUUURRRRNNNN VVVVAAAALLLLUUUUEEEESSSS

     SSL_CTX_set_cert_verify_callback() does not provide

     diagnostic information.

SSSSEEEEEEEE AAAALLLLSSSSOOOO

     ssl(3), SSL_CTX_set_verify(3), SSL_get_verify_result(3),

     SSL_CTX_load_verify_locations(3)


HHHHIIIISSSSTTTTOOOORRRRYYYY
     Previous to OpenSSL 0.9.7, the arg argument to

     SSSSSSSSLLLL_CCCCTTTTXXXX_sssseeeetttt_cccceeeerrrrtttt_vvvveeeerrrriiiiffffyyyy_ccccaaaallllllllbbbbaaaacccckkkk was ignored, and callback

     was called simply as

      int (*callback)(X509_STORE_CTX *) To compile software

     written for previous versions of OpenSSL, a dummy argument
     will have to be added to callback.




































28/Feb/2002            Last change: 0.9.8o                      2



Contact us      |      About us      |      Term of use      |       Copyright © 2000-2019 MyWebUniversity.com ™