NAME
X509_STORE_CTX_verify_cb, X509_STORE_CTX_set_verify_cb, X509_STORE_CTX_get_verify_cb — set and retrieve verification callback
SYNOPSIS
#include <openssl/x509_vfy.h>

typedef int (*X509_STORE_CTX_verify_cb)(int ok, X509_STORE_CTX *ctx);

void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_cb verify_cb);

X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
DESCRIPTION
X509_STORE_CTX_set_verify_cb() sets the verification callback of ctx to verify_cb, overwriting any existing callback.
RETURN VALUES
X509_STORE_CTX_get_verify_cb() returns a pointer to the current callback function used by the specified ctx. If no callback was set using X509_STORE_CTX_set_verify_cb(), that is a pointer to a built-in static function which does nothing except return the ok argument passed to it.
EXAMPLES
/*
 * Default callback operation: hand the verdict passed in as ok straight
 * back to the caller, so no verification result is overridden.
 *
 * ok   result of the check that triggered the callback
 * ctx  verification context; not consulted here
 *
 * Returns ok unchanged.
 */
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
	(void)ctx;	/* the context plays no part in the default behaviour */

	return ok;
}
/*
 * Verification callback that tolerates certificate expiration.
 *
 * ok   result of the check that triggered the callback
 * ctx  verification context whose recorded error is inspected
 *
 * Returns 1 whenever the error recorded in ctx is
 * X509_V_ERR_CERT_HAS_EXPIRED; in every other case ok is returned
 * unchanged.
 *
 * The test looks at neither ok nor the error depth, so an expired
 * certificate is tolerated wherever in the chain it is reported.
 * Accepting expired certificates weakens verification; treat this as a
 * deliberate, narrowly scoped policy decision rather than a default.
 */
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
	const int err = X509_STORE_CTX_get_error(ctx);

	/* Anything other than expiry keeps the verdict it arrived with. */
	if (err != X509_V_ERR_CERT_HAS_EXPIRED)
		return ok;

	/* Expiry is overridden: report success for this check. */
	return 1;
}
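/*
 * Diagnostic verification callback: prints details about the certificate
 * and error currently recorded in ctx to bio_err, then returns ok
 * unchanged. It never overrides a verification result.
 *
 * ok   result of the check that triggered the callback
 * ctx  verification context queried for the current certificate,
 *      error code and error depth
 *
 * bio_err and policies_print() are not defined in this example; they are
 * assumed to be provided by the surrounding program.
 *
 * Changes from the listing as originally printed:
 *  - the issuer / notBefore / notAfter branches now skip their output when
 *    no current certificate is available, instead of passing a NULL
 *    certificate to the accessor functions;
 *  - the "print out policies" branch had lost its statement, which made the
 *    final "verify return" line conditional on ok == 2. The branch now calls
 *    policies_print() (as the X509_V_ERR_NO_EXPLICIT_POLICY case does) and
 *    the "verify return" line is printed on every invocation.
 */
int verify_callback(int ok, X509_STORE_CTX *ctx)
{
	X509 *err_cert;
	int err, depth;

	err_cert = X509_STORE_CTX_get_current_cert(ctx);
	err = X509_STORE_CTX_get_error(ctx);
	depth = X509_STORE_CTX_get_error_depth(ctx);

	BIO_printf(bio_err, "depth=%d ", depth);
	if (err_cert != NULL) {
		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
		    0, XN_FLAG_ONELINE);
		BIO_puts(bio_err, "\n");
	} else {
		BIO_puts(bio_err, "<no cert>\n");
	}

	if (!ok) {
		BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
		    X509_verify_cert_error_string(err));
	}

	/* Extra detail for selected errors; certificate fields need a cert. */
	switch (err) {
	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
		if (err_cert != NULL) {
			BIO_puts(bio_err, "issuer= ");
			X509_NAME_print_ex(bio_err,
			    X509_get_issuer_name(err_cert), 0, XN_FLAG_ONELINE);
			BIO_puts(bio_err, "\n");
		}
		break;
	case X509_V_ERR_CERT_NOT_YET_VALID:
	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
		if (err_cert != NULL) {
			BIO_printf(bio_err, "notBefore=");
			ASN1_TIME_print(bio_err, X509_get_notBefore(err_cert));
			BIO_printf(bio_err, "\n");
		}
		break;
	case X509_V_ERR_CERT_HAS_EXPIRED:
	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
		if (err_cert != NULL) {
			BIO_printf(bio_err, "notAfter=");
			ASN1_TIME_print(bio_err, X509_get_notAfter(err_cert));
			BIO_printf(bio_err, "\n");
		}
		break;
	case X509_V_ERR_NO_EXPLICIT_POLICY:
		policies_print(bio_err, ctx);
		break;
	default:
		break;
	}

	/* print out policies */
	if (err == X509_V_OK && ok == 2)
		policies_print(bio_err, ctx);

	BIO_printf(bio_err, "verify return:%d\n", ok);

	/* Diagnostics only: the verdict is passed through untouched. */
	return ok;
}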