1=pod
2
3=head1 NAME
4
5X509_verify_cert - discover and verify X509 certificte chain
6
7=head1 SYNOPSIS
8
9 #include <openssl/x509.h>
10
11 int X509_verify_cert(X509_STORE_CTX *ctx);
12
13=head1 DESCRIPTION
14
15The X509_verify_cert() function attempts to discover and validate a
16certificate chain based on parameters in B<ctx>. A complete description of
17the process is contained in the L<verify(1)|verify(1)> manual page.
18
19=head1 RETURN VALUES
20
21If a complete chain can be built and validated this function returns 1,
22otherwise it return zero, in exceptional circumstances it can also
23return a negative code.
24
25If the function fails additional error information can be obtained by
26examining B<ctx> using, for example X509_STORE_CTX_get_error().
27
28=head1 NOTES
29
30Applications rarely call this function directly but it is used by
31OpenSSL internally for certificate validation, in both the S/MIME and
32SSL/TLS code.
33
34A negative return value from X509_verify_cert() can occur if it is invoked
35incorrectly, such as with no certificate set in B<ctx>, or when it is called
36twice in succession without reinitialising B<ctx> for the second call.
37A negative return value can also happen due to internal resource problems or if
38a retry operation is requested during internal lookups (which never happens
39with standard lookup methods).
40Applications must check for <= 0 return value on error.
41
42=head1 BUGS
43
44This function uses the header B<x509.h> as opposed to most chain verification
45functiosn which use B<x509_vfy.h>.
46
47=head1 SEE ALSO
48
49L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)>
50
51=head1 HISTORY
52
53X509_verify_cert() is available in all versions of SSLeay and OpenSSL.
54
55=cut
56