SSL_CTX_set_verify_depth, SSL_set_verify_depth,
SSL_verify_cb,
SSL_verify_client_post_handshake,
-SSL_force_post_handshake_auth
+SSL_set_post_handshake_auth
- set peer certificate verification parameters
=head1 SYNOPSIS
void SSL_set_verify_depth(SSL *ssl, int depth);
int SSL_verify_client_post_handshake(SSL *ssl);
- void SSL_force_post_handshake_auth(SSL *ssl);
+ void SSL_set_post_handshake_auth(SSL *ssl, int val);
=head1 DESCRIPTION
SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
verification that shall be allowed for B<ssl>.
-SSL_force_post_handshake_auth() forces the Post-Handshake Authentication
-extension to be added to the ClientHello regardless of certificate configuration
-at the time of the initial handshake, such that post-handshake authentication
-can be requested by the server. A certificate callback will need to be set via
-SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
+SSL_set_post_handshake_auth() enables the Post-Handshake Authentication
+extension to be added to the ClientHello such that post-handshake authentication
+can be requested by the server. If B<val> is 0 then the extension is not sent,
+otherwise it is. By default the extension is not sent. A certificate callback
+will need to be set via SSL_CTX_set_client_cert_cb() if no certificate is
+provided at initialization.
SSL_verify_client_post_handshake() causes a CertificateRequest message to be
sent by a server on the given B<ssl> connection. The SSL_VERIFY_PEER flag must
=head1 HISTORY
The SSL_VERIFY_POST_HANDSHAKE option, and the SSL_verify_client_post_handshake()
-and SSL_force_post_handshake_auth() functions were added in OpenSSL 1.1.1.
+and SSL_set_post_handshake_auth() functions were added in OpenSSL 1.1.1.
=head1 COPYRIGHT
projects / openssl.git / blobdiff