X509_verify_cert.pod revision 296341
1=pod 2 3=head1 NAME 4 5X509_verify_cert - discover and verify X509 certificte chain 6 7=head1 SYNOPSIS 8 9 #include <openssl/x509.h> 10 11 int X509_verify_cert(X509_STORE_CTX *ctx); 12 13=head1 DESCRIPTION 14 15The X509_verify_cert() function attempts to discover and validate a 16certificate chain based on parameters in B<ctx>. A complete description of 17the process is contained in the L<verify(1)|verify(1)> manual page. 18 19=head1 RETURN VALUES 20 21If a complete chain can be built and validated this function returns 1, 22otherwise it return zero, in exceptional circumstances it can also 23return a negative code. 24 25If the function fails additional error information can be obtained by 26examining B<ctx> using, for example X509_STORE_CTX_get_error(). 27 28=head1 NOTES 29 30Applications rarely call this function directly but it is used by 31OpenSSL internally for certificate validation, in both the S/MIME and 32SSL/TLS code. 33 34The negative return value from X509_verify_cert() can only occur if no 35certificate is set in B<ctx> (due to a programming error); if X509_verify_cert() 36twice without reinitialising B<ctx> in between; or if a retry 37operation is requested during internal lookups (which never happens with 38standard lookup methods). It is however recommended that application check 39for <= 0 return value on error. 40 41=head1 BUGS 42 43This function uses the header B<x509.h> as opposed to most chain verification 44functiosn which use B<x509_vfy.h>. 45 46=head1 SEE ALSO 47 48L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> 49 50=head1 HISTORY 51 52X509_verify_cert() is available in all versions of SSLeay and OpenSSL. 53 54=cut 55