NAME    [Toc]    [Back]

       SSL_CTX_set_cert_verify_cb  - Set peer certificate verification
 procedure

SYNOPSIS    [Toc]    [Back]

       #include <openssl/ssl.h>

       void SSL_CTX_set_cert_verify_cb(
               SSL_CTX *ctx,
               int (*cb)(),
               char *arg ); int
               *callback );

DESCRIPTION    [Toc]    [Back]

       The  SSL_CTX_set_cert_verify_cb()  sets  the  verification
       callback  function  for  ctx. SSL objects that are created
       from ctx inherit the setting  valid at the time  SSL_new()
       is called. The arg is currently ignored.

NOTES    [Toc]    [Back]

       Whenever  a certificate is verified during a SSL/TLS handshake,
 a verification function is called. If the  application
  does  not explicitly specify a verification callback
       function, the built-in verification function is used. If a
       verification    callback   callback   is   specified   via
       SSL_CTX_set_cert_verify_callback(), the supplied  callback
       function is called instead.

       By  setting  callback  to  NULL,  the  default behavior is
       restored. When the verification must be  performed,  callback
   will   be   called   with   the  argument  callback
       (X509_STORE_CTX *x509_store_ctx). The arguments  that  can
       be  specified when setting callback are currently ignored.

       Callback should return 1 to indicate verification  success
       and 0 to indicate verification failure. If SSL_VERIFY_PEER
       is set and callback returns 0, the handshake will fail. As
       the  verification procedure may allow to continue the connection
 in case of failure (by  always  returning  1)  the
       verification  result  must  be  set  in any case using the
       error member of x509_store_ctx, so that the calling application
  will  be informed about the detailed result of the
       verification procedure.  Within  x509_store_ctx,  callback
       has  access  to  the  verify_callback  function  set using
       SSL_CTX_set_verify()).

RESTRICTIONS    [Toc]    [Back]

       Do not mix the verification  callback  described  in  this
       function  with  the verify_callback function called during
       the verification process. The  latter  is  set  using  the
       SSL_CTX_set_verify() family of functions. Providing a complete
 verification procedure, including certificate   purpose
  settings,  is a complex task. The built-in procedure
       is quite powerful and in most cases it  should  be  sufficient
 to modify its behavior using the verify_cb function.

       It is possible to specify arguments to be  passed  to  the
       verification   callback.   However,   they  are  currently
       ignored. The callback function is not specified via a prototype,
 so that no type checking takes place.

RETURN VALUES    [Toc]    [Back]

       The SSL_CTX_set_cert_verify_cb() function does not provide
       diagnostic information.

SEE ALSO    [Toc]    [Back]

       SSL_CTX_set_verify(3),           SSL_get_verify_result(3),
       SSL_CTX_load_verify_locations(3)



                                    SSL_CTX_set_cert_verify_cb(3)