1<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>ne_ssl_set_verify</title><link rel="stylesheet" type="text/css" href="../manual.css"><meta name="generator" content="DocBook XSL Stylesheets V1.76.1"><link rel="home" href="index.html" title="neon HTTP/WebDAV client library"><link rel="up" href="ref.html" title="neon API reference"><link rel="prev" href="refsslca.html" title="ne_ssl_trust_cert"><link rel="next" href="refclicert.html" title="ne_ssl_client_cert"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">ne_ssl_set_verify</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="refsslca.html">Prev</a>��</td><th width="60%" align="center">neon API reference</th><td width="20%" align="right">��<a accesskey="n" href="refclicert.html">Next</a></td></tr></table><hr></div><div class="refentry" title="ne_ssl_set_verify"><a name="refsslvfy"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ne_ssl_set_verify ��� register an SSL certificate verification callback</p></div><div class="refsynopsisdiv" title="Synopsis"><h2>Synopsis</h2><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <ne_session.h></pre><table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" class="funcprototype-table"><tr><td><code class="funcdef">typedef int <b class="fsfunc">ne_ssl_verify_fn</b>(</code></td><td>void *<var class="pdparam">userdata</var>, </td></tr><tr><td>��</td><td>int <var class="pdparam">failures</var>, </td></tr><tr><td>��</td><td>const ne_ssl_certificate *<var class="pdparam">cert</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer">��</div><table border="0" summary="Function synopsis" cellspacing="0" cellpadding="0" class="funcprototype-table"><tr><td><code class="funcdef">void <b class="fsfunc">ne_ssl_set_verify</b>(</code></td><td>ne_session *<var class="pdparam">session</var>, </td></tr><tr><td>��</td><td>ne_ssl_verify_fn <var class="pdparam">verify_fn</var>, </td></tr><tr><td>��</td><td>void *<var class="pdparam">userdata</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer">��</div></div></div><div class="refsect1" title="Description"><a name="id462711"></a><h2>Description</h2><p>To enable manual SSL certificate verification, a 2callback can be registered using 3<code class="function">ne_ssl_set_verify</code>. If such a callback is not 4registered, when a connection is established to an SSL server which 5does not present a certificate signed by a trusted CA (see <a class="xref" href="refsslca.html#ne_ssl_trust_cert">ne_ssl_trust_cert</a>), or if the certificate presented is invalid in 6some way, the connection will fail.</p><p>When the callback is invoked, the 7<code class="parameter">failures</code> parameter gives a bitmask indicating 8in what way the automatic certificate verification failed. The value 9is equal to the bit-wise OR of one or more of the following 10constants (and is guaranteed to be non-zero):</p><div class="variablelist"><table border="0"><col align="left" valign="top"><tbody><tr><td><p><span class="term"><code class="constant">NE_SSL_NOTYETVALID</code></span></p></td><td>The certificate is not yet valid.</td></tr><tr><td><p><span class="term"><code class="constant">NE_SSL_EXPIRED</code></span></p></td><td>The certificate has expired.</td></tr><tr><td><p><span class="term"><code class="constant">NE_SSL_IDMISMATCH</code></span></p></td><td>The hostname used for the session does not match 11the hostname to which the certificate was issued.</td></tr><tr><td><p><span class="term"><code class="constant">NE_SSL_UNTRUSTED</code></span></p></td><td>The Certificate Authority which signed the certificate 12is not trusted.</td></tr></tbody></table></div><p>Note that if either of the 13 <code class="constant">NE_SSL_IDMISMATCH</code> or 14 <code class="constant">NE_SSL_UNTRUSTED</code> failures is given, the 15 connection may have been intercepted by a third party, and 16 must not be presumed to be <span class="quote">���<span class="quote">secure</span>���</span>.</p><p>The <code class="parameter">cert</code> parameter passed to the 17callback represents the certificate which was presented by the server. 18If the server presented a chain of certificates, the chain can be 19accessed using <a class="xref" href="refcert.html#ne_ssl_cert_signedby">ne_ssl_cert_signedby</a>. The 20<code class="parameter">cert</code> object given is not valid after the 21callback returns.</p></div><div class="refsect1" title="Return value"><a name="id462833"></a><h2>Return value</h2><p>The verification callback must return zero to indicate 22that the certificate should be trusted; and non-zero otherwise (in 23which case, the connection will fail).</p></div><div class="refsect1" title="Examples"><a name="id462844"></a><h2>Examples</h2><p>The following code implements an example verification 24 callback, using the <code class="function">dump_cert</code> function 25 from <a class="xref" href="refcert.html#ne_ssl_cert_subject">ne_ssl_cert_subject</a> to display 26 certification information. Notice that the hostname of the 27 server used for the session is passed as the 28 <code class="parameter">userdata</code> parameter to the 29 callback.</p><pre class="programlisting"> 30static int 31my_verify(void *userdata, int failures, const ne_ssl_certificate *cert) 32{ 33 const char *hostname = userdata; 34 35 dump_cert(cert); 36 37 puts("Certificate verification failed - the connection may have been " 38 "intercepted by a third party!"); 39 40 if (failures & NE_SSL_IDMISMATCH) { 41 const char *id = ne_ssl_cert_identity(cert); 42 if (id) 43 printf("Server certificate was issued to '%s' not '%s'.\n", 44 id, hostname); 45 else 46 printf("The certificate was not issued for '%s'\n", hostname); 47 } 48 49 if (failures & NE_SSL_UNTRUSTED) 50 puts("The certificate is not signed by a trusted Certificate Authority."); 51 52 /* ... check for validity failures ... */ 53 54 if (prompt_user()) 55 return 1; /* fail verification */ 56 else 57 return 0; /* trust the certificate anyway */ 58} 59 60int 61main(...) 62{ 63 ne_session *sess = ne_session_create("https", "some.host.name", 443); 64 ne_ssl_set_verify(sess, my_verify, "some.host.name"); 65 ... 66}</pre></div><div class="refsect1" title="See also"><a name="id462889"></a><h2>See also</h2><p><a class="xref" href="refsslca.html#ne_ssl_trust_cert">ne_ssl_trust_cert</a>, <a class="xref" href="refssldname.html#ne_ssl_readable_dname">ne_ssl_readable_dname</a>, <a class="xref" href="refcert.html#ne_ssl_cert_subject">ne_ssl_cert_subject</a></p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="refsslca.html">Prev</a>��</td><td width="20%" align="center"><a accesskey="u" href="ref.html">Up</a></td><td width="40%" align="right">��<a accesskey="n" href="refclicert.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">ne_ssl_trust_cert��</td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top">��ne_ssl_client_cert</td></tr></table></div></body></html> 67