Commit ce3eadd

author
schwarze
committed
Document X509_STORE_set_verify_func(3), mostly using text from the
OpenSSL 1.1.1 branch, which is still under a free license, tweaked by me. While here, garbage collect the weird BUGS section.
1 parent 9cfe0ac commit ce3eadd

1 file changed

+32
-8
lines changed

src/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3

Lines changed: 32 additions & 8 deletions
@@ -1,5 +1,6 @@
1-
.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.9 2020/03/29 17:05:02 schwarze Exp $
2-
.\" OpenSSL 05ea606a May 20 20:52:46 2016 -0400
1+
.\" $OpenBSD: X509_STORE_set_verify_cb_func.3,v 1.10 2021/07/29 10:13:45 schwarze Exp $
2+
.\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
3+
.\" selective merge up to: OpenSSL 315c47e0 Dec 1 14:22:16 2020 +0100
34
.\"
45
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
56
.\" Copyright (c) 2009 The OpenSSL Project. All rights reserved.
@@ -48,12 +49,13 @@
4849
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
4950
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
5051
.\"
51-
.Dd $Mdocdate: March 29 2020 $
52+
.Dd $Mdocdate: July 29 2021 $
5253
.Dt X509_STORE_SET_VERIFY_CB_FUNC 3
5354
.Os
5455
.Sh NAME
5556
.Nm X509_STORE_set_verify_cb ,
56-
.Nm X509_STORE_set_verify_cb_func
57+
.Nm X509_STORE_set_verify_cb_func ,
58+
.Nm X509_STORE_set_verify_func
5759
.Nd set verification callback
5860
.Sh SYNOPSIS
5961
.In openssl/x509_vfy.h
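Review bot: The unchanged .Nd line, "set verification callback", no longer describes every name in the NAME list once X509_STORE_set_verify_func is added, because the DESCRIPTION text added by this commit calls its argument a final chain verification function, not a callback. Consider widening the one-line description, for example to "set verification callback and chain verification function", so that apropos(1) searches for the new name return an accurate summary.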
@@ -67,6 +69,11 @@
6769
.Fa "X509_STORE *st"
6870
.Fa "int (*verify_cb)(int ok, X509_STORE_CTX *ctx)"
6971
.Fc
72+
.Ft void
73+
.Fo X509_STORE_set_verify_func
74+
.Fa "X509_STORE *st"
75+
.Fa "int (*verify_func)(X509_STORE_CTX *ctx)"
76+
.Fc
7077
.Sh DESCRIPTION
7178
.Fn X509_STORE_set_verify_cb
7279
sets the verification callback of
@@ -86,17 +93,34 @@ structure when it is initialized.
8693
This can be used to set the verification callback when the
8794
.Vt X509_STORE_CTX
8895
is otherwise inaccessible (for example during S/MIME verification).
96+
.Pp
97+
.Fn X509_STORE_set_verify_func
98+
sets the final chain verification function for
99+
.Fa st
100+
to
101+
.Fa verify_func .
102+
Its purpose is to go through the chain of certificates and check
103+
that all signatures are valid and that the current time is within
104+
the limits of each certificate's first and last validity time.
105+
The final chain verification function
106+
must return 0 on failure and 1 on success.
107+
If
108+
.Fn X509_STORE_set_verify_func
109+
is not called or called with
110+
.Fa verify_func
111+
set to a
112+
.Dv NULL
113+
pointer, the built-in default function is used.
89114
.Sh SEE ALSO
90115
.Xr X509_STORE_CTX_set_verify_cb 3 ,
91116
.Xr X509_STORE_new 3
92117
.Sh HISTORY
93118
.Fn X509_STORE_set_verify_cb_func
94-
first appeared in SSLeay 0.8.0 and has been available since
119+
and
120+
.Fn X509_STORE_set_verify_func
121+
first appeared in SSLeay 0.8.0 and have been available since
95122
.Ox 2.4 .
96123
.Pp
97124
.Fn X509_STORE_set_verify_cb
98125
first appeared in OpenSSL 1.0.0 and has been available since
99126
.Ox 4.9 .
100-
.Sh BUGS
101-
The macro version of this function was the only one available before
102-
OpenSSL 1.0.0.
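Review bot: The new X509_STORE_set_verify_func paragraph states the purpose of the final chain verification function but does not say that a non-NULL verify_func is used instead of the built-in default, so the signature and validity-time checks listed here only happen if the replacement performs them itself. A sentence saying so explicitly would help callers who install a function that returns 1 without realizing they have taken over those checks. The text also gives only the 0/1 return convention. It would be worth documenting how a replacement is expected to record the reason for a failure in ctx before returning 0.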
