5 SSL_get_verify_result - get result of peer certificate verification
9 #include <openssl/ssl.h>
11 long SSL_get_verify_result(const SSL *ssl);
15 SSL_get_verify_result() returns the result of the verification of the
16 X509 certificate presented by the peer, if any.
20 SSL_get_verify_result() can only return one error code while the verification
21 of a certificate can fail because of many reasons at the same time. Only
22 the last verification error that occurred during the processing is available
23 from SSL_get_verify_result().
25 Sometimes there can be a sequence of errors leading to the verification
26 failure as reported by SSL_get_verify_result().
27 To get the errors, it is necessary to setup a verify callback via
28 L<SSL_CTX_set_verify(3)> or L<SSL_set_verify(3)> and retrieve the errors
29 from the error stack there, because once L<SSL_connect(3)> returns,
30 these errors may no longer be available.
32 The verification result is part of the established session and is restored
33 when a session is reused.
37 If no peer certificate was presented, the returned result code is
38 X509_V_OK. This is because no verification error occurred, it does however
39 not indicate success. SSL_get_verify_result() is only useful in connection
40 with L<SSL_get_peer_certificate(3)>.
44 The following return values can currently occur:
50 The verification succeeded or no peer certificate was presented.
54 Documented in L<openssl-verify(1)>.
60 L<ssl(7)>, L<SSL_set_verify_result(3)>,
61 L<SSL_get_peer_certificate(3)>,
66 Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
68 Licensed under the Apache License 2.0 (the "License"). You may not use
69 this file except in compliance with the License. You can obtain a copy
70 in the file LICENSE in the source distribution or at
71 L<https://www.openssl.org/source/license.html>.