"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.1.1b/doc/man3/SSL_CTX_get0_param.pod" (26 Feb 2019, 1775 Bytes) of package /linux/misc/openssl-1.1.1b.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested pod source page into HTML format but links to other pod pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted pod source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the last Fossies "Diffs" side-by-side code changes report for "SSL_CTX_get0_param.pod": 1.1.1a_vs_1.1.1b.


SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param - get and set verification parameters


 #include <openssl/ssl.h>

 X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
 X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
 int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)


SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to the verification parameters for ctx or ssl respectively. The returned pointer must not be freed by the calling application.

SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters to vpm for ctx or ssl.


Typically parameters are retrieved from an SSL_CTX or SSL structure using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies them to suit its needs: for example to add a hostname check.


Check hostname matches "www.foo.com" in peer certificate:

 X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
 X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);


SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an X509_VERIFY_PARAM structure.

SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0 for failure.




These functions were added in OpenSSL 1.0.2.


Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.