X509_verify_cert.pod revision 306195
1=pod 2 3=head1 NAME 4 5X509_verify_cert - discover and verify X509 certificte chain 6 7=head1 SYNOPSIS 8 9 #include <openssl/x509.h> 10 11 int X509_verify_cert(X509_STORE_CTX *ctx); 12 13=head1 DESCRIPTION 14 15The X509_verify_cert() function attempts to discover and validate a 16certificate chain based on parameters in B<ctx>. A complete description of 17the process is contained in the L<verify(1)|verify(1)> manual page. 18 19=head1 RETURN VALUES 20 21If a complete chain can be built and validated this function returns 1, 22otherwise it return zero, in exceptional circumstances it can also 23return a negative code. 24 25If the function fails additional error information can be obtained by 26examining B<ctx> using, for example X509_STORE_CTX_get_error(). 27 28=head1 NOTES 29 30Applications rarely call this function directly but it is used by 31OpenSSL internally for certificate validation, in both the S/MIME and 32SSL/TLS code. 33 34A negative return value from X509_verify_cert() can occur if it is invoked 35incorrectly, such as with no certificate set in B<ctx>, or when it is called 36twice in succession without reinitialising B<ctx> for the second call. 37A negative return value can also happen due to internal resource problems or if 38a retry operation is requested during internal lookups (which never happens 39with standard lookup methods). 40Applications must check for <= 0 return value on error. 41 42=head1 BUGS 43 44This function uses the header B<x509.h> as opposed to most chain verification 45functiosn which use B<x509_vfy.h>. 46 47=head1 SEE ALSO 48 49L<X509_STORE_CTX_get_error(3)|X509_STORE_CTX_get_error(3)> 50 51=head1 HISTORY 52 53X509_verify_cert() is available in all versions of SSLeay and OpenSSL. 54 55=cut 56