1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5*b077aed3SPierre ProncherySSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param, 6*b077aed3SPierre ProncherySSL_CTX_set_purpose, SSL_CTX_set_trust, SSL_set_purpose, SSL_set_trust - 7e71b7053SJung-uk Kimget and set verification parameters 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/ssl.h> 12e71b7053SJung-uk Kim 13*b077aed3SPierre Pronchery X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx); 14*b077aed3SPierre Pronchery X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl); 15*b077aed3SPierre Pronchery int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm); 16*b077aed3SPierre Pronchery int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm); 17*b077aed3SPierre Pronchery 18*b077aed3SPierre Pronchery int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose); 19*b077aed3SPierre Pronchery int SSL_set_purpose(SSL *ssl, int purpose); 20*b077aed3SPierre Pronchery 21*b077aed3SPierre Pronchery int SSL_CTX_set_trust(SSL_CTX *ctx, int trust); 22*b077aed3SPierre Pronchery int SSL_set_trust(SSL *ssl, int trust); 23e71b7053SJung-uk Kim 24e71b7053SJung-uk Kim=head1 DESCRIPTION 25e71b7053SJung-uk Kim 26e71b7053SJung-uk KimSSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to 27e71b7053SJung-uk Kimthe verification parameters for B<ctx> or B<ssl> respectively. The returned 28e71b7053SJung-uk Kimpointer must not be freed by the calling application. 29e71b7053SJung-uk Kim 30e71b7053SJung-uk KimSSL_CTX_set1_param() and SSL_set1_param() set the verification parameters 31e71b7053SJung-uk Kimto B<vpm> for B<ctx> or B<ssl>. 32e71b7053SJung-uk Kim 33*b077aed3SPierre ProncheryThe functions SSL_CTX_set_purpose() and SSL_set_purpose() are shorthands which 34*b077aed3SPierre Proncheryset the purpose parameter on the verification parameters object. These functions 35*b077aed3SPierre Proncheryare equivalent to calling X509_VERIFY_PARAM_set_purpose() directly. 36*b077aed3SPierre Pronchery 37*b077aed3SPierre ProncheryThe functions SSL_CTX_set_trust() and SSL_set_trust() are similarly shorthands 38*b077aed3SPierre Proncherywhich set the trust parameter on the verification parameters object. These 39*b077aed3SPierre Proncheryfunctions are equivalent to calling X509_VERIFY_PARAM_set_trust() directly. 40*b077aed3SPierre Pronchery 41e71b7053SJung-uk Kim=head1 NOTES 42e71b7053SJung-uk Kim 43e71b7053SJung-uk KimTypically parameters are retrieved from an B<SSL_CTX> or B<SSL> structure 44e71b7053SJung-uk Kimusing SSL_CTX_get0_param() or SSL_get0_param() and an application modifies 45e71b7053SJung-uk Kimthem to suit its needs: for example to add a hostname check. 46e71b7053SJung-uk Kim 47e71b7053SJung-uk Kim=head1 RETURN VALUES 48e71b7053SJung-uk Kim 49e71b7053SJung-uk KimSSL_CTX_get0_param() and SSL_get0_param() return a pointer to an 50e71b7053SJung-uk KimB<X509_VERIFY_PARAM> structure. 51e71b7053SJung-uk Kim 52*b077aed3SPierre ProncherySSL_CTX_set1_param(), SSL_set1_param(), SSL_CTX_set_purpose(), 53*b077aed3SPierre ProncherySSL_set_purpose(), SSL_CTX_set_trust() and SSL_set_trust() return 1 for success 54*b077aed3SPierre Proncheryand 0 for failure. 55e71b7053SJung-uk Kim 56da327cd2SJung-uk Kim=head1 EXAMPLES 57da327cd2SJung-uk Kim 58da327cd2SJung-uk KimCheck hostname matches "www.foo.com" in peer certificate: 59da327cd2SJung-uk Kim 60da327cd2SJung-uk Kim X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); 61da327cd2SJung-uk Kim X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); 62da327cd2SJung-uk Kim 63e71b7053SJung-uk Kim=head1 SEE ALSO 64e71b7053SJung-uk Kim 65*b077aed3SPierre ProncheryL<ssl(7)>, 66e71b7053SJung-uk KimL<X509_VERIFY_PARAM_set_flags(3)> 67e71b7053SJung-uk Kim 68e71b7053SJung-uk Kim=head1 HISTORY 69e71b7053SJung-uk Kim 706935a639SJung-uk KimThese functions were added in OpenSSL 1.0.2. 71e71b7053SJung-uk Kim 72e71b7053SJung-uk Kim=head1 COPYRIGHT 73e71b7053SJung-uk Kim 74*b077aed3SPierre ProncheryCopyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 75e71b7053SJung-uk Kim 76*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 77e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 78e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 79e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 80e71b7053SJung-uk Kim 81e71b7053SJung-uk Kim=cut 82