| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | SSL_set_retry_verify - indicate that certificate verification should be retried
|
|---|
| 6 |
|
|---|
| 7 | =head1 SYNOPSIS
|
|---|
| 8 |
|
|---|
| 9 | #include <openssl/ssl.h>
|
|---|
| 10 |
|
|---|
| 11 | int SSL_set_retry_verify(SSL *ssl);
|
|---|
| 12 |
|
|---|
| 13 | =head1 DESCRIPTION
|
|---|
| 14 |
|
|---|
| 15 | SSL_set_retry_verify() should be called from the certificate verification
|
|---|
| 16 | callback on a client when the application wants to indicate that the handshake
|
|---|
| 17 | should be suspended and the control should be returned to the application.
|
|---|
| 18 | L<SSL_want_retry_verify(3)> will return 1 as a consequence until the handshake
|
|---|
| 19 | is resumed again by the application, retrying the verification step.
|
|---|
| 20 |
|
|---|
| 21 | Please refer to L<SSL_CTX_set_cert_verify_callback(3)> for further details.
|
|---|
| 22 |
|
|---|
| 23 | =head1 NOTES
|
|---|
| 24 |
|
|---|
| 25 | The effect of calling SSL_set_retry_verify() outside of the certificate
|
|---|
| 26 | verification callback on the client side is undefined.
|
|---|
| 27 |
|
|---|
| 28 | =head1 RETURN VALUES
|
|---|
| 29 |
|
|---|
| 30 | SSL_set_retry verify() returns 1 on success, 0 otherwise.
|
|---|
| 31 |
|
|---|
| 32 | =head1 EXAMPLES
|
|---|
| 33 |
|
|---|
| 34 | The following code snippet shows how to obtain the B<SSL> object associated
|
|---|
| 35 | with the B<X509_STORE_CTX> to call the SSL_set_retry_verify() function:
|
|---|
| 36 |
|
|---|
| 37 | int idx = SSL_get_ex_data_X509_STORE_CTX_idx();
|
|---|
| 38 | SSL *ssl;
|
|---|
| 39 |
|
|---|
| 40 | /* this should not happen but check anyway */
|
|---|
| 41 | if (idx < 0
|
|---|
| 42 | || (ssl = X509_STORE_CTX_get_ex_data(ctx, idx)) == NULL)
|
|---|
| 43 | return 0;
|
|---|
| 44 |
|
|---|
| 45 | if (/* we need to retry verification callback */)
|
|---|
| 46 | return SSL_set_retry_verify(ssl);
|
|---|
| 47 |
|
|---|
| 48 | /* do normal processing of the verification callback */
|
|---|
| 49 |
|
|---|
| 50 | =head1 SEE ALSO
|
|---|
| 51 |
|
|---|
| 52 | L<ssl(7)>, L<SSL_connect(3)>, L<SSL_CTX_set_cert_verify_callback(3)>,
|
|---|
| 53 | L<SSL_want_retry_verify(3)>
|
|---|
| 54 |
|
|---|
| 55 | =head1 HISTORY
|
|---|
| 56 |
|
|---|
| 57 | SSL_set_retry_verify() was added in OpenSSL 3.0.2 to replace backwards
|
|---|
| 58 | incompatible handling of a negative return value from the verification
|
|---|
| 59 | callback.
|
|---|
| 60 |
|
|---|
| 61 | =head1 COPYRIGHT
|
|---|
| 62 |
|
|---|
| 63 | Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 64 |
|
|---|
| 65 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 66 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 67 | in the file LICENSE in the source distribution or at
|
|---|
| 68 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 69 |
|
|---|
| 70 | =cut
|
|---|
