1*adc285aaStb.\" $OpenBSD: SSL_get_verify_result.3,v 1.6 2021/06/26 17:36:28 tb Exp $
21bfa9420Sschwarze.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
3f1a3c524Sschwarze.\"
45c11e89dSschwarze.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
55c11e89dSschwarze.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
6f1a3c524Sschwarze.\"
75c11e89dSschwarze.\" Redistribution and use in source and binary forms, with or without
85c11e89dSschwarze.\" modification, are permitted provided that the following conditions
95c11e89dSschwarze.\" are met:
105c11e89dSschwarze.\"
115c11e89dSschwarze.\" 1. Redistributions of source code must retain the above copyright
125c11e89dSschwarze.\"    notice, this list of conditions and the following disclaimer.
135c11e89dSschwarze.\"
145c11e89dSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright
155c11e89dSschwarze.\"    notice, this list of conditions and the following disclaimer in
165c11e89dSschwarze.\"    the documentation and/or other materials provided with the
175c11e89dSschwarze.\"    distribution.
185c11e89dSschwarze.\"
195c11e89dSschwarze.\" 3. All advertising materials mentioning features or use of this
205c11e89dSschwarze.\"    software must display the following acknowledgment:
215c11e89dSschwarze.\"    "This product includes software developed by the OpenSSL Project
225c11e89dSschwarze.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
235c11e89dSschwarze.\"
245c11e89dSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
255c11e89dSschwarze.\"    endorse or promote products derived from this software without
265c11e89dSschwarze.\"    prior written permission. For written permission, please contact
275c11e89dSschwarze.\"    openssl-core@openssl.org.
285c11e89dSschwarze.\"
295c11e89dSschwarze.\" 5. Products derived from this software may not be called "OpenSSL"
305c11e89dSschwarze.\"    nor may "OpenSSL" appear in their names without prior written
315c11e89dSschwarze.\"    permission of the OpenSSL Project.
325c11e89dSschwarze.\"
335c11e89dSschwarze.\" 6. Redistributions of any form whatsoever must retain the following
345c11e89dSschwarze.\"    acknowledgment:
355c11e89dSschwarze.\"    "This product includes software developed by the OpenSSL Project
365c11e89dSschwarze.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
375c11e89dSschwarze.\"
385c11e89dSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
395c11e89dSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
405c11e89dSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
415c11e89dSschwarze.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
425c11e89dSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
435c11e89dSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
445c11e89dSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
455c11e89dSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
465c11e89dSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
475c11e89dSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
485c11e89dSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
495c11e89dSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE.
505c11e89dSschwarze.\"
51*adc285aaStb.Dd $Mdocdate: June 26 2021 $
52f1a3c524Sschwarze.Dt SSL_GET_VERIFY_RESULT 3
53f1a3c524Sschwarze.Os
54f1a3c524Sschwarze.Sh NAME
55f1a3c524Sschwarze.Nm SSL_get_verify_result
56f1a3c524Sschwarze.Nd get result of peer certificate verification
57f1a3c524Sschwarze.Sh SYNOPSIS
58f1a3c524Sschwarze.In openssl/ssl.h
59f1a3c524Sschwarze.Ft long
60f1a3c524Sschwarze.Fn SSL_get_verify_result "const SSL *ssl"
61f1a3c524Sschwarze.Sh DESCRIPTION
62f1a3c524Sschwarze.Fn SSL_get_verify_result
63f1a3c524Sschwarzereturns the result of the verification of the X509 certificate presented by the
64f1a3c524Sschwarzepeer, if any.
655c11e89dSschwarze.Pp
66f1a3c524Sschwarze.Fn SSL_get_verify_result
67f1a3c524Sschwarzecan only return one error code while the verification of a certificate can fail
68f1a3c524Sschwarzebecause of many reasons at the same time.
69f1a3c524SschwarzeOnly the last verification error that occurred during the processing is
70f1a3c524Sschwarzeavailable from
71f1a3c524Sschwarze.Fn SSL_get_verify_result .
72f1a3c524Sschwarze.Pp
73f1a3c524SschwarzeThe verification result is part of the established session and is restored when
74f1a3c524Sschwarzea session is reused.
75f1a3c524Sschwarze.Sh RETURN VALUES
76f1a3c524SschwarzeThe following return values can currently occur:
77f1a3c524Sschwarze.Bl -tag -width Ds
78f1a3c524Sschwarze.It Dv X509_V_OK
79f1a3c524SschwarzeThe verification succeeded or no peer certificate was presented.
80f1a3c524Sschwarze.It Any other value
81f1a3c524SschwarzeDocumented in
82f1a3c524Sschwarze.Xr openssl 1 .
83f1a3c524Sschwarze.El
84f1a3c524Sschwarze.Sh SEE ALSO
85f1a3c524Sschwarze.Xr openssl 1 ,
86f1a3c524Sschwarze.Xr ssl 3 ,
871bfa9420Sschwarze.Xr SSL_CTX_set_verify 3 ,
881bfa9420Sschwarze.Xr SSL_get0_peername 3 ,
89*adc285aaStb.Xr SSL_get_peer_certificate 3 ,
90f1a3c524Sschwarze.Xr SSL_set_verify_result 3
918fba1ec8Sschwarze.Sh HISTORY
928fba1ec8Sschwarze.Fn SSL_get_verify_result
9310e00d17Sschwarzefirst appeared in SSLeay 0.6.1 and has been available since
948fba1ec8Sschwarze.Ox 2.4 .
95f1a3c524Sschwarze.Sh BUGS
96f1a3c524SschwarzeIf no peer certificate was presented, the returned result code is
97f1a3c524Sschwarze.Dv X509_V_OK .
98f1a3c524SschwarzeThis is because no verification error occurred;
99f1a3c524Sschwarzehowever, it does not indicate success.
100f1a3c524Sschwarze.Fn SSL_get_verify_result
101f1a3c524Sschwarzeis only useful in connection with
102f1a3c524Sschwarze.Xr SSL_get_peer_certificate 3 .
103