[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Dr. Stephen Henson
steve at openssl.org
Wed Jun 24 21:22:42 UTC 2015
The branch OpenSSL_1_0_2-stable has been updated
via edbc9050bed04de0f2cdbfd0f038a84007263c66 (commit)
from c00206c3269d75013ea3e41dec76d6b179502036 (commit)
- Log -----------------------------------------------------------------
commit edbc9050bed04de0f2cdbfd0f038a84007263c66
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Jun 17 15:51:41 2015 +0100
Add docs for ssl verification parameter functions.
Reviewed-by: Matt Caswell <matt at openssl.org>
(cherry picked from commit 77672802a665b26a44524a7a8091e56ee84bdf39)
-----------------------------------------------------------------------
Summary of changes:
doc/ssl/SSL_CTX_get0_param.pod | 55 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 doc/ssl/SSL_CTX_get0_param.pod
diff --git a/doc/ssl/SSL_CTX_get0_param.pod b/doc/ssl/SSL_CTX_get0_param.pod
new file mode 100644
index 0000000..332f181
--- /dev/null
+++ b/doc/ssl/SSL_CTX_get0_param.pod
@@ -0,0 +1,55 @@
+=pod
+
+=head1 NAME
+
+SSL_CTX_get0_param, SSL_get0_param, SSL_CTX_set1_param, SSL_set1_param -
+get and set verification parameters
+
+=head1 SYNOPSIS
+
+ #include <openssl/ssl.h>
+
+ X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+ X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+ int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+
+=head1 DESCRIPTION
+
+SSL_CTX_get0_param() and SSL_get0_param() retrieve an internal pointer to
+the verification parameters for B<ctx> or B<ssl> respectively. The returned
+pointer must not be freed by the calling application.
+
+SSL_CTX_set1_param() and SSL_set1_param() set the verification parameters
+to B<vpm> for B<ctx> or B<ssl>.
+
+=head1 NOTES
+
+Typically parameters are retrieved from an B<SSL_CTX> or B<SSL> structure
+using SSL_CTX_get0_param() or SSL_get0_param() and an application modifies
+them to suit its needs: for example to add a hostname check.
+
+=head1 EXAMPLE
+
+Check hostname matches "www.foo.com" in peer certificate:
+
+ X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
+ X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com");
+
+=head1 RETURN VALUES
+
+SSL_CTX_get0_param() and SSL_get0_param() return a pointer to an
+B<X509_VERIFY_PARAM> structure.
+
+SSL_CTX_set1_param() and SSL_set1_param() return 1 for success and 0
+for failure.
+
+=head1 SEE ALSO
+
+L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
+
+=head1 HISTORY
+
+These functions were first added to OpenSSL 1.0.2.
+
+=cut
More information about the openssl-commits
mailing list