5 X509_verify_cert - discover and verify X509 certificate chain
9 #include <openssl/x509.h>
11 int X509_verify_cert(X509_STORE_CTX *ctx);
15 The X509_verify_cert() function attempts to discover and validate a
16 certificate chain based on parameters in B<ctx>. A complete description of
17 the process is contained in the L<openssl-verify(1)> manual page.
19 Applications rarely call this function directly but it is used by
20 OpenSSL internally for certificate validation, in both the S/MIME and
23 A negative return value from X509_verify_cert() can occur if it is invoked
24 incorrectly, such as with no certificate set in B<ctx>, or when it is called
25 twice in succession without reinitialising B<ctx> for the second call.
26 A negative return value can also happen due to internal resource problems or if
27 a retry operation is requested during internal lookups (which never happens
28 with standard lookup methods).
29 Applications must check for <= 0 return value on error.
33 If a complete chain can be built and validated this function returns 1,
34 otherwise it return zero, in exceptional circumstances it can also
35 return a negative code.
37 If the function fails additional error information can be obtained by
38 examining B<ctx> using, for example X509_STORE_CTX_get_error().
42 This function uses the header F<< <x509.h> >>
43 as opposed to most chain verification
44 functions which use F<< <x509_vfy.h> >>.
48 L<X509_STORE_CTX_get_error(3)>
52 Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.
54 Licensed under the Apache License 2.0 (the "License"). You may not use
55 this file except in compliance with the License. You can obtain a copy
56 in the file LICENSE in the source distribution or at
57 L<https://www.openssl.org/source/license.html>.
projects / openssl.git / blob