1X509_VERIFY_CERT(3) OpenSSL X509_VERIFY_CERT(3)
2
6 X509_verify_cert - discover and verify X509 certificate chain
7
9 #include <openssl/x509.h>
10 int X509_verify_cert(X509_STORE_CTX *ctx);
12
14 The X509_verify_cert() function attempts to discover and validate a
15 certificate chain based on parameters in ctx. A complete description of
16 the process is contained in the verify(1) manual page.
17
19 If a complete chain can be built and validated this function returns 1,
20 otherwise it return zero, in exceptional circumstances it can also
21 return a negative code.
22 If the function fails additional error information can be obtained by
24 examining ctx using, for example X509_STORE_CTX_get_error().
25
27 Applications rarely call this function directly but it is used by
28 OpenSSL internally for certificate validation, in both the S/MIME and
29 SSL/TLS code.
30 A negative return value from X509_verify_cert() can occur if it is
32 invoked incorrectly, such as with no certificate set in ctx, or when it
33 is called twice in succession without reinitialising ctx for the second
34 call. A negative return value can also happen due to internal resource
35 problems or if a retry operation is requested during internal lookups
36 (which never happens with standard lookup methods). Applications must
37 check for <= 0 return value on error.
38
40 This function uses the header x509.h as opposed to most chain
41 verification functions which use x509_vfy.h.
42
44 X509_STORE_CTX_get_error(3)
45
47 Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
48 Licensed under the OpenSSL license (the "License"). You may not use
50 this file except in compliance with the License. You can obtain a copy
51 in the file LICENSE in the source distribution or at
52 <https://www.openssl.org/source/license.html>.
531.1.1q 2023-07-20 X509_VERIFY_CERT(3)