Commit | Line | Data |
---|---|---|
4cec750c DDO |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
6725682d SL |
5 | X509_verify, X509_self_signed, |
6 | X509_REQ_verify_with_libctx, X509_REQ_verify, | |
4cec750c DDO |
7 | X509_CRL_verify - |
8 | verify certificate, certificate request, or CRL signature | |
9 | ||
10 | =head1 SYNOPSIS | |
11 | ||
12 | #include <openssl/x509.h> | |
13 | ||
4cec750c | 14 | int X509_verify(X509 *x, EVP_PKEY *pkey); |
0d8dbb52 | 15 | int X509_self_signed(X509 *cert, int verify_signature); |
4cec750c | 16 | |
6725682d SL |
17 | int X509_REQ_verify_with_libctx(X509_REQ *a, EVP_PKEY *pkey, |
18 | OPENSSL_CTX *libctx, const char *propq); | |
4cec750c DDO |
19 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); |
20 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); | |
21 | ||
22 | =head1 DESCRIPTION | |
23 | ||
6725682d SL |
24 | X509_verify() verifies the signature of certificate I<x> using public key |
25 | I<pkey>. Only the signature is checked: no other checks (such as certificate | |
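26 | chain validity) are performed. A successful result therefore does not by itself establish that the certificate is trusted; see L<X509_verify_cert(3)> for chain validation. | |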
4cec750c | 27 | |
0d8dbb52 DDO |
28 | X509_self_signed() checks whether a certificate is self-signed. |
29 | For success the issuer and subject names must match, the components of the | |
30 | authority key identifier (if present) must match the subject key identifier etc. | |
31 | The signature itself is actually verified only if B<verify_signature> is 1, as | |
32 | for explicitly trusted certificates this verification is not worth the effort. | |
33 | ||
6725682d | 34 | X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify() |
4cec750c DDO |
35 | verify the signatures of certificate requests and CRLs, respectively. |
36 | ||
37 | =head1 RETURN VALUES | |
38 | ||
6725682d SL |
39 | X509_verify(), |
40 | X509_REQ_verify_with_libctx(), X509_REQ_verify() and X509_CRL_verify() | |
4cec750c DDO |
41 | return 1 if the signature is valid and 0 if the signature check fails. |
42 | If the signature could not be checked at all because it was ill-formed | |
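43 | or some other error occurred then -1 is returned. Callers should therefore test for a return value of exactly 1, since the error value -1 is also nonzero. | |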
44 | ||
0d8dbb52 DDO |
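45 | X509_self_signed() returns the same values but also returns 1 |
46 | if all respective fields match and B<verify_signature> is 0. In that case the signature was not checked, so a result of 1 does not show that the signature is valid. | |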
47 | ||
4cec750c DDO |
48 | =head1 SEE ALSO |
49 | ||
50 | L<d2i_X509(3)>, | |
51 | L<ERR_get_error(3)>, | |
52 | L<X509_CRL_get0_by_serial(3)>, | |
53 | L<X509_get0_signature(3)>, | |
54 | L<X509_get_ext_d2i(3)>, | |
55 | L<X509_get_extension_flags(3)>, | |
56 | L<X509_get_pubkey(3)>, | |
57 | L<X509_get_subject_name(3)>, | |
58 | L<X509_get_version(3)>, | |
59 | L<X509_NAME_ENTRY_get_object(3)>, | |
60 | L<X509_NAME_get_index_by_NID(3)>, | |
61 | L<X509_NAME_print_ex(3)>, | |
62 | L<X509V3_get_d2i(3)>, | |
63 | L<X509_verify_cert(3)>, | |
64 | L<OPENSSL_CTX(3)> | |
65 | ||
66 | =head1 HISTORY | |
67 | ||
68 | The X509_verify(), X509_REQ_verify(), and X509_CRL_verify() | |
69 | functions are available in all versions of OpenSSL. | |
70 | ||
6725682d | 71 | X509_REQ_verify_with_libctx() and X509_self_signed() were added in OpenSSL 3.0. |
4cec750c DDO |
72 | |
73 | =head1 COPYRIGHT | |
74 | ||
75 | Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved. | |
76 | ||
77 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
78 | this file except in compliance with the License. You can obtain a copy | |
79 | in the file LICENSE in the source distribution or at | |
80 | L<https://www.openssl.org/source/license.html>. | |
81 | ||
82 | =cut |