12 - set various SSL/TLS parameters for peer certificate verification
50 This would be typically done in case the certificate verification was not yet
57 server certificate verification step.
62 SSL_CTX_set_verify_depth() sets the maximum B<depth> for the certificate chain
65 SSL_set_verify_depth() sets the maximum B<depth> for the certificate chain
72 sent. A certificate callback will need to be set via
73 SSL_CTX_set_client_cert_cb() if no certificate is provided at initialization.
88 B<Server mode:> the server will not send a client certificate request to the
89 client, so the client will not send a certificate.
92 server will send a certificate which will be checked. The result of the
93 certificate verification process can be checked after the TLS/SSL handshake
99 B<Server mode:> the server sends a client certificate request to the client.
100 The certificate returned (if any) is checked. If the verification process
108 B<Client mode:> the server certificate is verified. If the verification process
111 the verification failure. If no server certificate is sent, because an
116 B<Server mode:> if the client did not return a certificate, the TLS/SSL
124 B<Server mode:> only request a client certificate once during the
125 connection. Do not ask for a client certificate again during
126 renegotiation or post-authentication if a certificate was requested
134 B<Server mode:> the server will not send a client certificate request
163 certificate chain needed to reach a trusted issuer is longer than B<depth+2>,
165 The depth count is "level 0:peer certificate", "level 1: CA certificate",
166 "level 2: higher level CA certificate", and so on. Setting the maximum
170 allowing for the peer certificate, at most 100 intermediate CA certificates and
171 a final trust anchor certificate.
176 the certificate in question was passed (preverify_ok=1) or not
178 for the certificate chain verification.
180 The certificate chain is checked starting with the deepest nesting level
181 (the root CA certificate) and worked upward to the peer's certificate.
185 X509_CTX_store_* functions B<verify_callback> can locate the certificate
187 found for a certificate, B<verify_callback> is called with B<preverify_ok>=1
208 certificate or certificate callback to its configuration before it can
213 extension. When the client returns a certificate the verify callback will be
216 Only one certificate request may be outstanding at any time.
246 All verification errors are printed; information about the certificate chain
287       * Catch a too long certificate chain. The depth limit set using
349          /* The client sent a certificate which verified OK */

Last Index update Fri Nov 29 22:08:30 UTC 2024

Dedicated to & Maintained by Room-11