]>
Commit | Line | Data |
---|---|---|
4759abc5 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | SSL_get_verify_result - get result of peer certificate verification | |
6 | ||
7 | =head1 SYNOPSIS | |
8 | ||
9 | #include <openssl/ssl.h> | |
10 | ||
c3e64028 | 11 | long SSL_get_verify_result(const SSL *ssl); |
4759abc5 RL |
12 | |
13 | =head1 DESCRIPTION | |
14 | ||
15 | SSL_get_verify_result() returns the result of the verification of the | |
16 | X509 certificate presented by the peer, if any. | |
17 | ||
18 | =head1 NOTES | |
19 | ||
20 | SSL_get_verify_result() can only return one error code while the verification | |
21 | of a certificate can fail because of many reasons at the same time. Only | |
52d160d8 | 22 | the last verification error that occurred during the processing is available |
4759abc5 RL |
23 | from SSL_get_verify_result(). |
24 | ||
a7c54dde VK |
25 | Sometimes there can be a sequence of errors leading to the verification |
26 | failure as reported by SSL_get_verify_result(). | |
27 | To get the errors, it is necessary to setup a verify callback via | |
28 | L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors | |
29 | from the error stack there, because once L<SSL_connect(3)> returns, | |
30 | these errors may no longer be available. | |
31 | ||
4759abc5 RL |
32 | The verification result is part of the established session and is restored |
33 | when a session is reused. | |
34 | ||
35 | =head1 BUGS | |
36 | ||
37 | If no peer certificate was presented, the returned result code is | |
52d160d8 | 38 | X509_V_OK. This is because no verification error occurred, it does however |
4759abc5 | 39 | not indicate success. SSL_get_verify_result() is only useful in connection |
9b86974e | 40 | with L<SSL_get_peer_certificate(3)>. |
4759abc5 RL |
41 | |
42 | =head1 RETURN VALUES | |
43 | ||
44 | The following return values can currently occur: | |
45 | ||
46 | =over 4 | |
47 | ||
48 | =item X509_V_OK | |
49 | ||
50 | The verification succeeded or no peer certificate was presented. | |
51 | ||
52 | =item Any other value | |
53 | ||
1903a9b7 | 54 | Documented in L<openssl-verify(1)>. |
4759abc5 RL |
55 | |
56 | =back | |
57 | ||
58 | =head1 SEE ALSO | |
59 | ||
b97fdb57 | 60 | L<ssl(7)>, L<SSL_set_verify_result(3)>, |
9b86974e | 61 | L<SSL_get_peer_certificate(3)>, |
1903a9b7 | 62 | L<openssl-verify(1)> |
4759abc5 | 63 | |
e2f92610 RS |
64 | =head1 COPYRIGHT |
65 | ||
da1c088f | 66 | Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 67 | |
4746f25a | 68 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
69 | this file except in compliance with the License. You can obtain a copy |
70 | in the file LICENSE in the source distribution or at | |
71 | L<https://www.openssl.org/source/license.html>. | |
72 | ||
73 | =cut |