=head1 NAME
-PKCS7_verify - verify a PKCS#7 signedData structure
+PKCS7_verify, PKCS7_get0_signers - verify a PKCS#7 signedData structure
=head1 SYNOPSIS
-int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+ #include <openssl/pkcs7.h>
-int PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
+
+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
=head1 DESCRIPTION
PKCS7_verify() verifies a PKCS#7 signedData structure. B<p7> is the PKCS7
structure to verify. B<certs> is a set of certificates in which to search for
-the signer's certificate. B<store> is a trusted certficate store (used for
+the signer's certificate. B<store> is a trusted certificate store (used for
chain verification). B<indata> is the signed data if the content is not
present in B<p7> (that is it is detached). The content is written to B<out>
if it is not NULL.
=head1 RETURN VALUES
-PKCS7_verify() returns 1 for a successful verification and zero or a negative
-value if an error occurs.
+PKCS7_verify() returns one for a successful verification and zero
+if an error occurs.
PKCS7_get0_signers() returns all signers or B<NULL> if an error occurred.
this is primarily due to the inadequacies of the current B<X509_STORE>
functionality.
+The lack of single pass processing and need to hold all data in memory as
+mentioned in PKCS7_sign() also applies to PKCS7_verify().
+
=head1 SEE ALSO
L<ERR_get_error(3)|ERR_get_error(3)>, L<PKCS7_sign(3)|PKCS7_sign(3)>
=head1 HISTORY
-TBA
+PKCS7_verify() was added to OpenSSL 0.9.5
=cut
projects / openssl.git / blobdiff