X509_STORE_CTX_get_get_issuer,
X509_STORE_CTX_get_verify_cb,
X509_STORE_CTX_set_verify_cb,
-X509_STORE_CTX_verify_cb
-- get and set verification callback
+X509_STORE_CTX_verify_cb,
+X509_STORE_CTX_print_verify_cb
+- get and set X509_STORE_CTX components such as verification callback
=head1 SYNOPSIS
#include <openssl/x509_vfy.h>
typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+ int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx);
X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
by calling X509_STORE_CTX_get_current_cert(). Additional application data can
be passed to the callback via the B<ex_data> mechanism.
+X509_STORE_CTX_print_verify_cb() is a verification callback function that,
+when a certificate verification has failed, adds an entry to the error queue
+with code B<X509_R_CERTIFICATE_VERIFICATION_FAILED> and with diagnostic details,
+including the most relevant fields of the target certificate that failed to
+verify and, if appropriate, of the available untrusted and trusted certificates.
+
X509_STORE_CTX_get_verify_cb() returns the value of the current callback
for the specific B<ctx>.
X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0.
+X509_STORE_CTX_print_verify_cb() was added in OpenSSL 3.0.
+
=head1 COPYRIGHT
Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
projects / thirdparty / openssl.git / blobdiff