openssl/doc/man3/SSL_get_verify_result.pod
Vladimír Kotal a7c54dde51 add note about retrieving error stack
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21220)
2023-06-26 08:04:17 +10:00

74 lines
2.0 KiB
Plaintext

=pod
=head1 NAME
SSL_get_verify_result - get result of peer certificate verification
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_get_verify_result(const SSL *ssl);
=head1 DESCRIPTION
SSL_get_verify_result() returns the result of the verification of the
X509 certificate presented by the peer, if any.
=head1 NOTES
SSL_get_verify_result() can only return one error code while the verification
of a certificate can fail because of many reasons at the same time. Only
the last verification error that occurred during the processing is available
from SSL_get_verify_result().
Sometimes there can be a sequence of errors leading to the verification
failure as reported by SSL_get_verify_result().
To get the errors, it is necessary to setup a verify callback via
L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
from the error stack there, because once L<SSL_connect(3)> returns,
these errors may no longer be available.
The verification result is part of the established session and is restored
when a session is reused.
=head1 BUGS
If no peer certificate was presented, the returned result code is
X509_V_OK. This is because no verification error occurred, it does however
not indicate success. SSL_get_verify_result() is only useful in connection
with L<SSL_get_peer_certificate(3)>.
=head1 RETURN VALUES
The following return values can currently occur:
=over 4
=item X509_V_OK
The verification succeeded or no peer certificate was presented.
=item Any other value
Documented in L<openssl-verify(1)>.
=back
=head1 SEE ALSO
L<ssl(7)>, L<SSL_set_verify_result(3)>,
L<SSL_get_peer_certificate(3)>,
L<openssl-verify(1)>
=head1 COPYRIGHT
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut