From e787e57d2fcf53c0141dcfdc5974bd8a706f0308 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Wed, 17 Mar 2004 12:11:09 +0000 Subject: This commit was manufactured by cvs2svn to create tag 'openssl-vendor-crypto-v0_9_7c_patch1'. --- .../doc/ssl/SSL_CTX_set_cert_verify_callback.pod | 75 ---------------------- 1 file changed, 75 deletions(-) delete mode 100644 crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod (limited to 'crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod') diff --git a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod b/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod deleted file mode 100644 index c0f4f8570851..000000000000 --- a/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod +++ /dev/null @@ -1,75 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(X509_STORE_CTX *,void *), void *arg); - -=head1 DESCRIPTION - -SSL_CTX_set_cert_verify_callback() sets the verification callback function for -I. SSL objects that are created from I inherit the setting valid at -the time when L is called. - -=head1 NOTES - -Whenever a certificate is verified during a SSL/TLS handshake, a verification -function is called. If the application does not explicitly specify a -verification callback function, the built-in verification function is used. -If a verification callback I is specified via -SSL_CTX_set_cert_verify_callback(), the supplied callback function is called -instead. By setting I to NULL, the default behaviour is restored. - -When the verification must be performed, I will be called with -the arguments callback(X509_STORE_CTX *x509_store_ctx, void *arg). The -argument I is specified by the application when setting I. - -I should return 1 to indicate verification success and 0 to -indicate verification failure. If SSL_VERIFY_PEER is set and I -returns 0, the handshake will fail. As the verification procedure may -allow to continue the connection in case of failure (by always returning 1) -the verification result must be set in any case using the B -member of I so that the calling application will be informed -about the detailed result of the verification procedure! - -Within I, I has access to the I -function set using L. - -=head1 WARNINGS - -Do not mix the verification callback described in this function with the -B function called during the verification process. The -latter is set using the L -family of functions. - -Providing a complete verification procedure including certificate purpose -settings etc is a complex task. The built-in procedure is quite powerful -and in most cases it should be sufficient to modify its behaviour using -the B function. - -=head1 BUGS - -=head1 RETURN VALUES - -SSL_CTX_set_cert_verify_callback() does not provide diagnostic information. - -=head1 SEE ALSO - -L, L, -L, -L - -=head1 HISTORY - -Previous to OpenSSL 0.9.7, the I argument to B -was ignored, and I was called simply as - int (*callback)(X509_STORE_CTX *) -To compile software written for previous versions of OpenSSL, a dummy -argument will have to be added to I. - -=cut -- cgit v1.3