projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| 4759abc5 RL |
1 | =pod |
| 2 | ||
| 3 | =head1 NAME | |
| 4 | ||
| 5 | SSL_get_verify_result - get result of peer certificate verification | |
| 6 | ||
| 7 | =head1 SYNOPSIS | |
| 8 | ||
| 9 | #include <openssl/ssl.h> | |
| 10 | ||
| c3e64028 | 11 | long SSL_get_verify_result(const SSL *ssl); |
| 4759abc5 RL |
12 | |
| 13 | =head1 DESCRIPTION | |
| 14 | ||
| 15 | SSL_get_verify_result() returns the result of the verification of the | |
| 16 | X509 certificate presented by the peer, if any. | |
| 17 | ||
| 18 | =head1 NOTES | |
| 19 | ||
| 20 | SSL_get_verify_result() can only return one error code while the verification | |
| 21 | of a certificate can fail because of many reasons at the same time. Only | |
| 52d160d8 | 22 | the last verification error that occurred during the processing is available |
| 4759abc5 RL |
23 | from SSL_get_verify_result(). |
| 24 | ||
| a7c54dde VK |
25 | Sometimes there can be a sequence of errors leading to the verification |
| 26 | failure as reported by SSL_get_verify_result(). | |
| 27 | To get the errors, it is necessary to setup a verify callback via | |
| 28 | L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors | |
| 29 | from the error stack there, because once L<SSL_connect(3)> returns, | |
| 30 | these errors may no longer be available. | |
| 31 | ||
| 4759abc5 RL |
32 | The verification result is part of the established session and is restored |
| 33 | when a session is reused. | |
| 34 | ||
| 35 | =head1 BUGS | |
| 36 | ||
| 37 | If no peer certificate was presented, the returned result code is | |
| 52d160d8 | 38 | X509_V_OK. This is because no verification error occurred, it does however |
| 4759abc5 | 39 | not indicate success. SSL_get_verify_result() is only useful in connection |
| 9b86974e | 40 | with L<SSL_get_peer_certificate(3)>. |
| 4759abc5 RL |
41 | |
| 42 | =head1 RETURN VALUES | |
| 43 | ||
| 44 | The following return values can currently occur: | |
| 45 | ||
| 46 | =over 4 | |
| 47 | ||
| 48 | =item X509_V_OK | |
| 49 | ||
| 50 | The verification succeeded or no peer certificate was presented. | |
| 51 | ||
| 52 | =item Any other value | |
| 53 | ||
| 1903a9b7 | 54 | Documented in L<openssl-verify(1)>. |
| 4759abc5 RL |
55 | |
| 56 | =back | |
| 57 | ||
| 58 | =head1 SEE ALSO | |
| 59 | ||
| b97fdb57 | 60 | L<ssl(7)>, L<SSL_set_verify_result(3)>, |
| 9b86974e | 61 | L<SSL_get_peer_certificate(3)>, |
| 1903a9b7 | 62 | L<openssl-verify(1)> |
| 4759abc5 | 63 | |
| e2f92610 RS |
64 | =head1 COPYRIGHT |
| 65 | ||
| da1c088f | 66 | Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. |
| e2f92610 | 67 | |
| 4746f25a | 68 | Licensed under the Apache License 2.0 (the "License"). You may not use |
| e2f92610 RS |
69 | this file except in compliance with the License. You can obtain a copy |
| 70 | in the file LICENSE in the source distribution or at | |
| 71 | L<https://www.openssl.org/source/license.html>. | |
| 72 | ||
| 73 | =cut |