diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2009-10-17 14:46:52 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2009-10-17 14:46:52 +0200 |
commit | b8c182a499704e2042b59b924497373910d30048 (patch) | |
tree | 50cf390582862d4f990e6e1296038df23c58fd73 /doc/crypto/X509_verify_cert.pod | |
parent | PR: 2074 (diff) | |
download | openssl-b8c182a499704e2042b59b924497373910d30048.tar.xz openssl-b8c182a499704e2042b59b924497373910d30048.zip |
Manual page for X509_verify_cert()
Diffstat (limited to 'doc/crypto/X509_verify_cert.pod')
-rw-r--r-- | doc/crypto/X509_verify_cert.pod | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod new file mode 100644 index 0000000000..e64262876a --- /dev/null +++ b/doc/crypto/X509_verify_cert.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +X509_verify_cert - discover and verify X509 certificte chain + +=head1 SYNOPSIS + + #include <openssl/x509.h> + + int X509_verify_cert(X509_STORE_CTX *ctx); + +=head1 DESCRIPTION + +The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in B<ctx>. + +=head1 RETURN VALUES + +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. + +If the function fails additional error information can be obtained by +examining B<ctx> using, for example X509_STORE_CTX_get_error(). + +=head1 NOTES + +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code. + +The negative return value from X509_verify_cert() can only occur if no +certificate is set in B<ctx> (due to a programming error) or if a retry +operation is requested during internal lookups (which never happens with +standard lookup methods). It is however recommended that application check +for <= 0 return value on error. + +=head1 BUGS + +This function uses the header B<x509.h> as opposed to most chain verification +functiosn which use B<x509_vfy.h>. + +=head1 SEE ALSO + +L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> + +=head1 HISTORY + +X509_verify_cert() is available in all versions of SSLeay and OpenSSL. + +=cut |