diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-15 14:57:32 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-02-17 07:43:58 +0100 |
| commit | 31b28ad96aa841ae39d4009ebb15d90f2a2afdab (patch) | |
| tree | 1c35d270dec05defdb07028911a67dbba82fe65c /doc/man3/X509_STORE_CTX_set_verify_cb.pod | |
| parent | 235595c402bd7815f07f1f3f3babe9fcc247a206 (diff) | |
| download | openssl-31b28ad96aa841ae39d4009ebb15d90f2a2afdab.tar.gz | |
chunk 7 of CMP contribution to OpenSSL
add CMP message validation and related tests; while doing so:
* add ERR_add_error_mem_bio() to crypto/err/err_prn.c
* move ossl_cmp_add_error_txt() as ERR_add_error_txt() to crypto/err/err_prn.c
* add X509_STORE_CTX_print_verify_cb() to crypto/x509/t_x509.c,
adding internally x509_print_ex_brief(), print_certs(), and print_store_certs()
* move {ossl_cmp_,}X509_STORE_get1_certs() to crypto/x509/x509_lu.c
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10620)
Diffstat (limited to 'doc/man3/X509_STORE_CTX_set_verify_cb.pod')
| -rw-r--r-- | doc/man3/X509_STORE_CTX_set_verify_cb.pod | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/doc/man3/X509_STORE_CTX_set_verify_cb.pod b/doc/man3/X509_STORE_CTX_set_verify_cb.pod index 64ccefa7ff..c53b14db36 100644 --- a/doc/man3/X509_STORE_CTX_set_verify_cb.pod +++ b/doc/man3/X509_STORE_CTX_set_verify_cb.pod @@ -14,14 +14,16 @@ X509_STORE_CTX_get_check_issued, X509_STORE_CTX_get_get_issuer, X509_STORE_CTX_get_verify_cb, X509_STORE_CTX_set_verify_cb, -X509_STORE_CTX_verify_cb -- get and set verification callback +X509_STORE_CTX_verify_cb, +X509_STORE_CTX_print_verify_cb +- get and set X509_STORE_CTX components such as verification callback =head1 SYNOPSIS #include <openssl/x509_vfy.h> typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *); + int X509_STORE_CTX_print_verify_cb(int ok, X509_STORE_CTX *ctx); X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx); @@ -63,6 +65,12 @@ structure and receive additional information about the error, for example by calling X509_STORE_CTX_get_current_cert(). Additional application data can be passed to the callback via the B<ex_data> mechanism. +X509_STORE_CTX_print_verify_cb() is a verification callback function that, +when a certificate verification has failed, adds an entry to the error queue +with code B<X509_R_CERTIFICATE_VERIFICATION_FAILED> and with diagnostic details, +including the most relevant fields of the target certificate that failed to +verify and, if appropriate, of the available untrusted and trusted certificates. + X509_STORE_CTX_get_verify_cb() returns the value of the current callback for the specific B<ctx>. @@ -200,6 +208,8 @@ X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(), X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls() and X509_STORE_CTX_get_cleanup() functions were added in OpenSSL 1.1.0. +X509_STORE_CTX_print_verify_cb() was added in OpenSSL 3.0. + =head1 COPYRIGHT Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. |