NAME¶

SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param — get and set verification parameters

SYNOPSIS¶

#include <openssl/ssl.h>

X509_VERIFY_PARAM *
SSL_CTX_get0_param(SSL_CTX *ctx);

X509_VERIFY_PARAM *
SSL_get0_param(SSL *ssl);

int
SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);

int
SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);

DESCRIPTION¶

SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to the verification parameters for ctx or ssl, respectively. The returned pointer must not be freed by the calling application, but the application can modify the parameters pointed to, to suit its needs: for example to add a hostname check.

SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters to vpm for ctx or ssl.

RETURN VALUES¶

SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an X509_VERIFY_PARAM structure.

SSL_CTX_set1_param() and SSL_set1_param() return 1 for success or 0 for failure.

EXAMPLES¶

Check that the hostname matches www.foo.com in the peer certificate:

X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);

SEE ALSO¶

ssl(3), X509_VERIFY_PARAM_set_flags(3)

HISTORY¶

SSL_CTX_set1_param() and SSL_set1_param() first appeared in OpenSSL 1.0.0 and have been available since OpenBSD 4.9.

SSL_CTX_get0_param() and SSL_get0_param() first appeared in OpenSSL 1.0.2 and have been available since OpenBSD 6.3.