SSL_get_verify_result - get result of peer certificate verification
#include <openssl/ssl.h>
long SSL_get_verify_result(const SSL *ssl);
SSL_get_verify_result() returns the result of the verification of the
X509 certificate presented by the peer, if any.
SSL_get_verify_result() can only return one error code while the
verification of a certificate can fail because of many reasons at the same
time. Only the last verification error that occurred during the processing is
available from
SSL_get_verify_result().
Sometimes there can be a sequence of errors leading to the verification failure
as reported by
SSL_get_verify_result(). To get the errors, it is
necessary to setup a verify callback via
SSL_CTX_set_verify(3) or
SSL_set_verify(3) and retrieve the errors from the error stack there,
because once
SSL_connect(3) returns, these errors may no longer be
available.
The verification result is part of the established session and is restored when
a session is reused.
If no peer certificate was presented, the returned result code is X509_V_OK.
This is because no verification error occurred, it does however not indicate
success.
SSL_get_verify_result() is only useful in connection with
SSL_get_peer_certificate(3).
The following return values can currently occur:
- X509_V_OK
- The verification succeeded or no peer certificate was
presented.
- Any other value
- Documented in openssl-verify(1).
ssl(7),
SSL_set_verify_result(3),
SSL_get_peer_certificate(3),
openssl-verify(1)
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy in the
file LICENSE in the source distribution or at
<
https://www.openssl.org/source/license.html>.