1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5e71b7053SJung-uk KimSSL_get_verify_result - get result of peer certificate verification 6e71b7053SJung-uk Kim 7e71b7053SJung-uk Kim=head1 SYNOPSIS 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim #include <openssl/ssl.h> 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim long SSL_get_verify_result(const SSL *ssl); 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim=head1 DESCRIPTION 14e71b7053SJung-uk Kim 15e71b7053SJung-uk KimSSL_get_verify_result() returns the result of the verification of the 16e71b7053SJung-uk KimX509 certificate presented by the peer, if any. 17e71b7053SJung-uk Kim 18e71b7053SJung-uk Kim=head1 NOTES 19e71b7053SJung-uk Kim 20e71b7053SJung-uk KimSSL_get_verify_result() can only return one error code while the verification 21e71b7053SJung-uk Kimof a certificate can fail because of many reasons at the same time. Only 22e71b7053SJung-uk Kimthe last verification error that occurred during the processing is available 23e71b7053SJung-uk Kimfrom SSL_get_verify_result(). 24e71b7053SJung-uk Kim 25*aa795734SPierre ProncherySometimes there can be a sequence of errors leading to the verification 26*aa795734SPierre Proncheryfailure as reported by SSL_get_verify_result(). 27*aa795734SPierre ProncheryTo get the errors, it is necessary to setup a verify callback via 28*aa795734SPierre ProncheryL<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors 29*aa795734SPierre Proncheryfrom the error stack there, because once L<SSL_connect(3)> returns, 30*aa795734SPierre Proncherythese errors may no longer be available. 31*aa795734SPierre Pronchery 32e71b7053SJung-uk KimThe verification result is part of the established session and is restored 33e71b7053SJung-uk Kimwhen a session is reused. 34e71b7053SJung-uk Kim 35e71b7053SJung-uk Kim=head1 BUGS 36e71b7053SJung-uk Kim 37e71b7053SJung-uk KimIf no peer certificate was presented, the returned result code is 38e71b7053SJung-uk KimX509_V_OK. This is because no verification error occurred, it does however 39e71b7053SJung-uk Kimnot indicate success. SSL_get_verify_result() is only useful in connection 40e71b7053SJung-uk Kimwith L<SSL_get_peer_certificate(3)>. 41e71b7053SJung-uk Kim 42e71b7053SJung-uk Kim=head1 RETURN VALUES 43e71b7053SJung-uk Kim 44e71b7053SJung-uk KimThe following return values can currently occur: 45e71b7053SJung-uk Kim 46e71b7053SJung-uk Kim=over 4 47e71b7053SJung-uk Kim 48e71b7053SJung-uk Kim=item X509_V_OK 49e71b7053SJung-uk Kim 50e71b7053SJung-uk KimThe verification succeeded or no peer certificate was presented. 51e71b7053SJung-uk Kim 52e71b7053SJung-uk Kim=item Any other value 53e71b7053SJung-uk Kim 54b077aed3SPierre ProncheryDocumented in L<openssl-verify(1)>. 55e71b7053SJung-uk Kim 56e71b7053SJung-uk Kim=back 57e71b7053SJung-uk Kim 58e71b7053SJung-uk Kim=head1 SEE ALSO 59e71b7053SJung-uk Kim 60e71b7053SJung-uk KimL<ssl(7)>, L<SSL_set_verify_result(3)>, 61e71b7053SJung-uk KimL<SSL_get_peer_certificate(3)>, 62b077aed3SPierre ProncheryL<openssl-verify(1)> 63e71b7053SJung-uk Kim 64e71b7053SJung-uk Kim=head1 COPYRIGHT 65e71b7053SJung-uk Kim 66*aa795734SPierre ProncheryCopyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved. 67e71b7053SJung-uk Kim 68b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 69e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 70e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 71e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 72e71b7053SJung-uk Kim 73e71b7053SJung-uk Kim=cut 74