Certificate Verification Callback
The certificate verification callback is invoked for every certificate in the certificate chain that is passed to the client during the handshake. This callback is set with either RWSecureSocketContext::setCertificateVerifyCallback() or RWSecureSocketContext::setVerify(). The signature of the callback function is:
extern "C" int verify_callback(int ok, X509_STORE_CTX* store);
The following table describes the parameters and their definitions.
Parameter | Definition |
---|---|
int ok | Contains 0 if the certificate failed or 1 if the certificate passed the internal verification procedure. |
X509_STORE_CTX* store | References or points to the certificate data. You can use store to determine if you want to accept a certificate that the internal verification procedure rejected. For more information, see the manual that comes with your OpenSSL libraries. |
The callback should return 0 if the certificate failed or 1 if the certificate passed your verification procedure, after taking into account what the internal verification procedure returned. Normally the ok parameter is returned, because the internal verification procedure is usually sufficient.
For more information, see the description of the function SSL_CTX_set_verify() in the OpenSSL reference guide.
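One way to follow the return-value guidance above, shown as an added example that is not SourcePro or OpenSSL code: the callback returns ok unchanged except for a single narrow override, a self-signed peer certificate whose SHA-256 fingerprint equals a pinned value. The names verify_decision, PINNED_FP and FP_LEN, the USE_OPENSSL build switch and the pin bytes are assumptions constructed for this example.

```c
#include <stddef.h>
#include <string.h>

#ifdef USE_OPENSSL                      /* build with -DUSE_OPENSSL -lcrypto */
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509_vfy.h>
#else                                   /* value from <openssl/x509_vfy.h> */
#define X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT 18
#endif

#define FP_LEN 32                       /* SHA-256 digest length in bytes */

/* Constructed sample pin, not the fingerprint of any real certificate. */
static const unsigned char PINNED_FP[FP_LEN] = { 0xA1, 0xB2, 0xC3, 0xD4 };

/* Hypothetical helper holding the policy, kept free of OpenSSL types so it
 * can be unit-tested. fp is the SHA-256 digest of the certificate being
 * checked, or NULL when it could not be computed. */
int verify_decision(int ok, int err, int depth, const unsigned char *fp)
{
    if (ok)
        return 1;                       /* internal verification passed */
    /* The only override: a self-signed peer certificate (depth 0) whose
     * fingerprint equals the pin. */
    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT && depth == 0 &&
        fp != NULL && memcmp(fp, PINNED_FP, FP_LEN) == 0)
        return 1;
    return 0;                           /* every other failure stays fatal */
}

#ifdef USE_OPENSSL
#ifdef __cplusplus
extern "C"
#endif
int verify_callback(int ok, X509_STORE_CTX* store)
{
    unsigned char md[EVP_MAX_MD_SIZE];
    unsigned int n = 0;
    X509* cert = X509_STORE_CTX_get_current_cert(store);
    int have = cert != NULL && X509_digest(cert, EVP_sha256(), md, &n) && n == FP_LEN;

    return verify_decision(ok, X509_STORE_CTX_get_error(store),
                           X509_STORE_CTX_get_error_depth(store),
                           have ? md : NULL);
}
#endif
```

A callback that returns 1 unconditionally accepts every certificate the internal procedure rejected, so any override should be as narrow as the one shown here and should fail closed when the data it depends on is unavailable.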