=pod

=head1 NAME

SSL_set_retry_verify - indicate that certificate verification should be retried

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_set_retry_verify(SSL *ssl);

=head1 DESCRIPTION

SSL_set_retry_verify() should be called from the certificate verification
callback on a client when the application wants to indicate that the handshake
should be suspended and control should be returned to the application.
L<SSL_want_retry_verify(3)> will return 1 as a consequence until the handshake
is resumed again by the application, retrying the verification step.

Please refer to L<SSL_CTX_set_cert_verify_callback(3)> for further details.

=head1 NOTES

The effect of calling SSL_set_retry_verify() outside of the certificate
verification callback on the client side is undefined.

=head1 RETURN VALUES

SSL_set_retry_verify() returns 1 on success, 0 otherwise.

=head1 EXAMPLES

The following code snippet shows how to obtain the B<SSL> object associated
with the B<X509_STORE_CTX> to call the SSL_set_retry_verify() function:

 int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
 SSL *ssl;

 /* this should not happen but check anyway */
 if (idx < 0
     || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
     return 0;

 if (/* we need to retry verification callback */)
     return SSL_set_retry_verify(ssl);

 /* do normal processing of the verification callback */

=head1 SEE ALSO

L<ssl(7)>, L<SSL_connect(3)>, L<SSL_CTX_set_cert_verify_callback(3)>,
L<SSL_want_retry_verify(3)>

=head1 HISTORY

SSL_set_retry_verify() was added in OpenSSL 3.0.2 to replace backwards
incompatible handling of a negative return value from the verification
callback.

=head1 COPYRIGHT

Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut