lib/libssl/man/SSL_set1_param.3 at jcs

jcs.org / openbsd-src
fork atom
jcs's openbsd hax
openbsd
fork atom
openbsd-src / lib / libssl / man / SSL_set1_param.3
at jcs 138 lines 4.3 kB view raw
wrap content
schwarze .Lb libssl libcrypto ; OK tb@ 10mo ago
a8680c8b
  1.\" $OpenBSD: SSL_set1_param.3,v 1.7 2025/06/08 22:52:00 schwarze Exp $
  2.\" full merge up to:
  3.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
  4.\"
  5.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
  6.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
  7.\"
  8.\" Redistribution and use in source and binary forms, with or without
  9.\" modification, are permitted provided that the following conditions
 10.\" are met:
 11.\"
 12.\" 1. Redistributions of source code must retain the above copyright
 13.\"    notice, this list of conditions and the following disclaimer.
 14.\"
 15.\" 2. Redistributions in binary form must reproduce the above copyright
 16.\"    notice, this list of conditions and the following disclaimer in
 17.\"    the documentation and/or other materials provided with the
 18.\"    distribution.
 19.\"
 20.\" 3. All advertising materials mentioning features or use of this
 21.\"    software must display the following acknowledgment:
 22.\"    "This product includes software developed by the OpenSSL Project
 23.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 24.\"
 25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 26.\"    endorse or promote products derived from this software without
 27.\"    prior written permission. For written permission, please contact
 28.\"    openssl-core@openssl.org.
 29.\"
 30.\" 5. Products derived from this software may not be called "OpenSSL"
 31.\"    nor may "OpenSSL" appear in their names without prior written
 32.\"    permission of the OpenSSL Project.
 33.\"
 34.\" 6. Redistributions of any form whatsoever must retain the following
 35.\"    acknowledgment:
 36.\"    "This product includes software developed by the OpenSSL Project
 37.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 38.\"
 39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 42.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
 51.\"
 52.Dd $Mdocdate: June 8 2025 $
 53.Dt SSL_SET1_PARAM 3
 54.Os
 55.Sh NAME
 56.Nm SSL_CTX_get0_param ,
 57.Nm SSL_get0_param ,
 58.Nm SSL_CTX_set1_param ,
 59.Nm SSL_set1_param
 60.Nd get and set verification parameters
 61.Sh SYNOPSIS
 62.Lb libssl libcrypto
 63.In openssl/ssl.h
 64.Ft X509_VERIFY_PARAM *
 65.Fo SSL_CTX_get0_param
 66.Fa "SSL_CTX *ctx"
 67.Fc
 68.Ft X509_VERIFY_PARAM *
 69.Fo SSL_get0_param
 70.Fa "SSL *ssl"
 71.Fc
 72.Ft int
 73.Fo SSL_CTX_set1_param
 74.Fa "SSL_CTX *ctx"
 75.Fa "X509_VERIFY_PARAM *vpm"
 76.Fc
 77.Ft int
 78.Fo SSL_set1_param
 79.Fa "SSL *ssl"
 80.Fa "X509_VERIFY_PARAM *vpm"
 81.Fc
 82.Sh DESCRIPTION
 83.Fn SSL_CTX_get0_param
 84and
 85.Fn SSL_get0_param
 86retrieve an internal pointer to the verification parameters for
 87.Fa ctx
 88or
 89.Fa ssl ,
 90respectively.
 91The returned pointer must not be freed by the calling application,
 92but the application can modify the parameters pointed to,
 93to suit its needs: for example to add a hostname check.
 94.Pp
 95.Fn SSL_CTX_set1_param
 96and
 97.Fn SSL_set1_param
 98set the verification parameters to
 99.Fa vpm
100for
101.Fa ctx
102or
103.Fa ssl .
104.Sh RETURN VALUES
105.Fn SSL_CTX_get0_param
106and
107.Fn SSL_get0_param
108return a pointer to an
109.Vt X509_VERIFY_PARAM
110structure.
111.Pp
112.Fn SSL_CTX_set1_param
113and
114.Fn SSL_set1_param
115return 1 for success or 0 for failure.
116.Sh EXAMPLES
117Check that the hostname matches
118.Pa www.foo.com
119in the peer certificate:
120.Bd -literal -offset indent
121X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
122X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
123.Ed
124.Sh SEE ALSO
125.Xr ssl 3 ,
126.Xr X509_VERIFY_PARAM_set_flags 3
127.Sh HISTORY
128.Fn SSL_CTX_set1_param
129and
130.Fn SSL_set1_param
131first appeared in OpenSSL 1.0.0 and have been available since
132.Ox 4.9 .
133.Pp
134.Fn SSL_CTX_get0_param
135and
136.Fn SSL_get0_param
137first appeared in OpenSSL 1.0.2 and have been available since
138.Ox 6.3 .