From b8c182a499704e2042b59b924497373910d30048 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 17 Oct 2009 12:46:52 +0000 Subject: [PATCH] Manual page for X509_verify_cert() --- doc/crypto/X509_verify_cert.pod | 52 +++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 doc/crypto/X509_verify_cert.pod diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod new file mode 100644 index 0000000000..e64262876a --- /dev/null +++ b/doc/crypto/X509_verify_cert.pod @@ -0,0 +1,52 @@ +=pod + +=head1 NAME + +X509_verify_cert - discover and verify X509 certificte chain + +=head1 SYNOPSIS + + #include + + int X509_verify_cert(X509_STORE_CTX *ctx); + +=head1 DESCRIPTION + +The X509_verify_cert() function attempts to discover and validate a +certificate chain based on parameters in B. + +=head1 RETURN VALUES + +If a complete chain can be built and validated this function returns 1, +otherwise it return zero, in exceptional circumstances it can also +return a negative code. + +If the function fails additional error information can be obtained by +examining B using, for example X509_STORE_CTX_get_error(). + +=head1 NOTES + +Applications rarely call this function directly but it is used by +OpenSSL internally for certificate validation, in both the S/MIME and +SSL/TLS code. + +The negative return value from X509_verify_cert() can only occur if no +certificate is set in B (due to a programming error) or if a retry +operation is requested during internal lookups (which never happens with +standard lookup methods). It is however recommended that application check +for <= 0 return value on error. + +=head1 BUGS + +This function uses the header B as opposed to most chain verification +functiosn which use B. + +=head1 SEE ALSO + +L + +=head1 HISTORY + +X509_verify_cert() is available in all versions of SSLeay and OpenSSL. + +=cut -- 2.25.1