xref: /freebsd/crypto/openssl/doc/man3/SSL_get_verify_result.pod (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1=pod
2
3=head1 NAME
4
5SSL_get_verify_result - get result of peer certificate verification
6
7=head1 SYNOPSIS
8
9 #include <openssl/ssl.h>
10
11 long SSL_get_verify_result(const SSL *ssl);
12
13=head1 DESCRIPTION
14
15SSL_get_verify_result() returns the result of the verification of the
16X509 certificate presented by the peer, if any.
17
18=head1 NOTES
19
20SSL_get_verify_result() can only return one error code while the verification
21of a certificate can fail because of many reasons at the same time. Only
22the last verification error that occurred during the processing is available
23from SSL_get_verify_result().
24
25Sometimes there can be a sequence of errors leading to the verification
26failure as reported by SSL_get_verify_result().
27To get the errors, it is necessary to setup a verify callback via
28L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
29from the error stack there, because once L<SSL_connect(3)> returns,
30these errors may no longer be available.
31
32The verification result is part of the established session and is restored
33when a session is reused.
34
35=head1 BUGS
36
37If no peer certificate was presented, the returned result code is
38X509_V_OK. This is because no verification error occurred, it does however
39not indicate success. SSL_get_verify_result() is only useful in connection
40with L<SSL_get_peer_certificate(3)>.
41
42=head1 RETURN VALUES
43
44The following return values can currently occur:
45
46=over 4
47
48=item X509_V_OK
49
50The verification succeeded or no peer certificate was presented.
51
52=item Any other value
53
54Documented in L<openssl-verify(1)>.
55
56=back
57
58=head1 SEE ALSO
59
60L<ssl(7)>, L<SSL_set_verify_result(3)>,
61L<SSL_get_peer_certificate(3)>,
62L<openssl-verify(1)>
63
64=head1 COPYRIGHT
65
66Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
67
68Licensed under the Apache License 2.0 (the "License").  You may not use
69this file except in compliance with the License.  You can obtain a copy
70in the file LICENSE in the source distribution or at
71L<https://www.openssl.org/source/license.html>.
72
73=cut
74