The SSL_set_verify function indicates whether the identity of the remote
application is verified when the Secure Sockets Layer (SSL) session is
started, and how the session behaves if that verification fails.
Format
#include <openssl/ssl.h>
void SSL_set_verify(SSL *ssl, int mode, int (*cb)(int ok, X509_STORE_CTX *ctx))
- ssl
- A pointer to a token returned on the SSL_new call.
- mode
- One or more of the following verify options:
- SSL_VERIFY_NONE
- Use this option if you do not want to verify the identity of the remote
peer. This option must be used alone; no other options can be combined with
it. Consider the following when using this option:
- If the application is a server, the application does not request a
certificate from the remote client application when the SSL session is
started, so the client is never authenticated.
- If the application is a client, the certificate for the remote server
application is still validated; however, the SSL session is started
regardless of whether or not that certificate is valid. Issue the
SSL_get_verify_result function after the session is started and confirm that
it returns X509_V_OK before you send or trust any application data;
otherwise the session may have been established with an impostor.
- SSL_VERIFY_PEER
- Use this option to verify the identity of the remote peer when the SSL
session is started. Consider the following when using this
option:
- If the application is a server, the application will request and verify
the certificate for the remote client application when the SSL session is
started. If the remote client application provides a certificate that
is not valid, the SSL session fails.
- If the application is a client, the certificate for the remote server
application is validated. If the certificate for the remote server
application is not valid, the SSL session fails.
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT
- Use this option to request that the remote client application send its
certificate when the SSL session is starting, and to end the SSL session if no
certificate is provided. This option only has meaning if the
SSL_VERIFY_PEER option is also set; with SSL_VERIFY_PEER alone, a client that
presents no certificate at all is accepted and only a client that presents an
invalid certificate is rejected. Do not use this option when your
application is the client.
- SSL_VERIFY_CLIENT_ONCE
- Use this option to verify the identity of the remote client application
only when the SSL session is first started. If the SSL session is
renegotiated, the identity of the client application is not verified
again. This option only has meaning if the SSL_VERIFY_PEER option is
also set. Do not use this option when your application is the
client.
- cb
- The verify callback pointer. Set this parameter to NULL.
Normal Return
None.
Error Return
None.
Programming Considerations
The default value for the verify mode is SSL_VERIFY_NONE when the CTX
structure is created, so remote peers are not authenticated unless you
change it. You must issue the SSL_set_verify function (for one SSL session)
or the SSL_CTX_set_verify function (for every SSL session created from the
CTX structure) with the SSL_VERIFY_PEER option if you want to authenticate
remote peers when SSL sessions are started. A mode set with SSL_set_verify
overrides the mode inherited from the CTX structure for that session only.
Examples
For sample SSL applications, go to http://www.ibm.com/tpf/pubs/tpfpubs.htm,
click SSL for the TPF 4.1 System: An Online User's
Guide, and click Examples from the left navigation
bar.
Related Information