1*4cb74a97Sjsg.\" $OpenBSD: SSL_set1_param.3,v 1.6 2022/09/10 10:22:46 jsg Exp $ 23be606cbSschwarze.\" full merge up to: 33be606cbSschwarze.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400 4ebb2a8bbSschwarze.\" 5ebb2a8bbSschwarze.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 6ebb2a8bbSschwarze.\" Copyright (c) 2015 The OpenSSL Project. All rights reserved. 7ebb2a8bbSschwarze.\" 8ebb2a8bbSschwarze.\" Redistribution and use in source and binary forms, with or without 9ebb2a8bbSschwarze.\" modification, are permitted provided that the following conditions 10ebb2a8bbSschwarze.\" are met: 11ebb2a8bbSschwarze.\" 12ebb2a8bbSschwarze.\" 1. Redistributions of source code must retain the above copyright 13ebb2a8bbSschwarze.\" notice, this list of conditions and the following disclaimer. 14ebb2a8bbSschwarze.\" 15ebb2a8bbSschwarze.\" 2. Redistributions in binary form must reproduce the above copyright 16ebb2a8bbSschwarze.\" notice, this list of conditions and the following disclaimer in 17ebb2a8bbSschwarze.\" the documentation and/or other materials provided with the 18ebb2a8bbSschwarze.\" distribution. 19ebb2a8bbSschwarze.\" 20ebb2a8bbSschwarze.\" 3. All advertising materials mentioning features or use of this 21ebb2a8bbSschwarze.\" software must display the following acknowledgment: 22ebb2a8bbSschwarze.\" "This product includes software developed by the OpenSSL Project 23ebb2a8bbSschwarze.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24ebb2a8bbSschwarze.\" 25ebb2a8bbSschwarze.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26ebb2a8bbSschwarze.\" endorse or promote products derived from this software without 27ebb2a8bbSschwarze.\" prior written permission. For written permission, please contact 28ebb2a8bbSschwarze.\" openssl-core@openssl.org. 29ebb2a8bbSschwarze.\" 30ebb2a8bbSschwarze.\" 5. Products derived from this software may not be called "OpenSSL" 31ebb2a8bbSschwarze.\" nor may "OpenSSL" appear in their names without prior written 32ebb2a8bbSschwarze.\" permission of the OpenSSL Project. 33ebb2a8bbSschwarze.\" 34ebb2a8bbSschwarze.\" 6. Redistributions of any form whatsoever must retain the following 35ebb2a8bbSschwarze.\" acknowledgment: 36ebb2a8bbSschwarze.\" "This product includes software developed by the OpenSSL Project 37ebb2a8bbSschwarze.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38ebb2a8bbSschwarze.\" 39ebb2a8bbSschwarze.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40ebb2a8bbSschwarze.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41ebb2a8bbSschwarze.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42ebb2a8bbSschwarze.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43ebb2a8bbSschwarze.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44ebb2a8bbSschwarze.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45ebb2a8bbSschwarze.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46ebb2a8bbSschwarze.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47ebb2a8bbSschwarze.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48ebb2a8bbSschwarze.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49ebb2a8bbSschwarze.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50ebb2a8bbSschwarze.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51ebb2a8bbSschwarze.\" 52*4cb74a97Sjsg.Dd $Mdocdate: September 10 2022 $ 53ebb2a8bbSschwarze.Dt SSL_SET1_PARAM 3 54ebb2a8bbSschwarze.Os 55ebb2a8bbSschwarze.Sh NAME 563be606cbSschwarze.Nm SSL_CTX_get0_param , 573be606cbSschwarze.Nm SSL_get0_param , 58ebb2a8bbSschwarze.Nm SSL_CTX_set1_param , 59ebb2a8bbSschwarze.Nm SSL_set1_param 603be606cbSschwarze.Nd get and set verification parameters 61ebb2a8bbSschwarze.Sh SYNOPSIS 62ebb2a8bbSschwarze.In openssl/ssl.h 633be606cbSschwarze.Ft X509_VERIFY_PARAM * 643be606cbSschwarze.Fo SSL_CTX_get0_param 653be606cbSschwarze.Fa "SSL_CTX *ctx" 663be606cbSschwarze.Fc 673be606cbSschwarze.Ft X509_VERIFY_PARAM * 683be606cbSschwarze.Fo SSL_get0_param 693be606cbSschwarze.Fa "SSL *ssl" 703be606cbSschwarze.Fc 71ebb2a8bbSschwarze.Ft int 72ebb2a8bbSschwarze.Fo SSL_CTX_set1_param 73ebb2a8bbSschwarze.Fa "SSL_CTX *ctx" 74ebb2a8bbSschwarze.Fa "X509_VERIFY_PARAM *vpm" 75ebb2a8bbSschwarze.Fc 76ebb2a8bbSschwarze.Ft int 77ebb2a8bbSschwarze.Fo SSL_set1_param 78ebb2a8bbSschwarze.Fa "SSL *ssl" 79ebb2a8bbSschwarze.Fa "X509_VERIFY_PARAM *vpm" 80ebb2a8bbSschwarze.Fc 81ebb2a8bbSschwarze.Sh DESCRIPTION 823be606cbSschwarze.Fn SSL_CTX_get0_param 833be606cbSschwarzeand 843be606cbSschwarze.Fn SSL_get0_param 853be606cbSschwarzeretrieve an internal pointer to the verification parameters for 863be606cbSschwarze.Fa ctx 873be606cbSschwarzeor 883be606cbSschwarze.Fa ssl , 893be606cbSschwarzerespectively. 903be606cbSschwarzeThe returned pointer must not be freed by the calling application, 91*4cb74a97Sjsgbut the application can modify the parameters pointed to, 923be606cbSschwarzeto suit its needs: for example to add a hostname check. 933be606cbSschwarze.Pp 94ebb2a8bbSschwarze.Fn SSL_CTX_set1_param 95ebb2a8bbSschwarzeand 96ebb2a8bbSschwarze.Fn SSL_set1_param 97ebb2a8bbSschwarzeset the verification parameters to 98ebb2a8bbSschwarze.Fa vpm 99ebb2a8bbSschwarzefor 100ebb2a8bbSschwarze.Fa ctx 101ebb2a8bbSschwarzeor 102ebb2a8bbSschwarze.Fa ssl . 103ebb2a8bbSschwarze.Sh RETURN VALUES 1043be606cbSschwarze.Fn SSL_CTX_get0_param 1053be606cbSschwarzeand 1063be606cbSschwarze.Fn SSL_get0_param 1073be606cbSschwarzereturn a pointer to an 1083be606cbSschwarze.Vt X509_VERIFY_PARAM 1093be606cbSschwarzestructure. 1103be606cbSschwarze.Pp 111ebb2a8bbSschwarze.Fn SSL_CTX_set1_param 112ebb2a8bbSschwarzeand 113ebb2a8bbSschwarze.Fn SSL_set1_param 114ebb2a8bbSschwarzereturn 1 for success or 0 for failure. 1153be606cbSschwarze.Sh EXAMPLES 1163be606cbSschwarzeCheck that the hostname matches 1173be606cbSschwarze.Pa www.foo.com 1183be606cbSschwarzein the peer certificate: 1193be606cbSschwarze.Bd -literal -offset indent 1203be606cbSschwarzeX509_VERIFY_PARAM *vpm = SSL_get0_param(ssl); 1213be606cbSschwarzeX509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0); 1223be606cbSschwarze.Ed 123ebb2a8bbSschwarze.Sh SEE ALSO 1247a73e666Sschwarze.Xr ssl 3 , 125ebb2a8bbSschwarze.Xr X509_VERIFY_PARAM_set_flags 3 126ebb2a8bbSschwarze.Sh HISTORY 12756f30f46Sschwarze.Fn SSL_CTX_set1_param 12856f30f46Sschwarzeand 12956f30f46Sschwarze.Fn SSL_set1_param 13056f30f46Sschwarzefirst appeared in OpenSSL 1.0.0 and have been available since 13156f30f46Sschwarze.Ox 4.9 . 132a8f3fffcSschwarze.Pp 133a8f3fffcSschwarze.Fn SSL_CTX_get0_param 134a8f3fffcSschwarzeand 135a8f3fffcSschwarze.Fn SSL_get0_param 136a8f3fffcSschwarzefirst appeared in OpenSSL 1.0.2 and have been available since 137a8f3fffcSschwarze.Ox 6.3 . 138