
RedHat 9 (Linux i386) - man page for ne_ssl_set_verify (redhat section 3)


NE_SSL_SET_VERIFY(3)			neon API reference		     NE_SSL_SET_VERIFY(3)

       ne_ssl_set_verify - register an SSL certificate verification callback

       #include <ne_session.h>

       typedef int (*ne_ssl_verify_fn) (void *userdata, int failures,
					 const ne_ssl_certificate *cert);

       void ne_ssl_set_verify (ne_session *session, ne_ssl_verify_fn verify_fn, void *userdata);

       To enable manual SSL certificate verification, a callback can be registered using
       ne_ssl_set_verify. If such a callback is not registered, when a connection is established
       to an SSL server which does not present a certificate signed by a trusted CA (see
       ne_ssl_load_ca(3)), or if the certificate presented is invalid in some way, the connection
       will fail.

       When the callback is invoked, the failures parameter gives a bitmask indicating in what
       way the automatic certificate verification failed. The value is equal to the bit-wise OR
       of one or more of the following constants (and is guaranteed to be non-zero):

       NE_SSL_NOTYETVALID
	      The certificate is not yet valid.

       NE_SSL_EXPIRED
	      The certificate has expired.

       NE_SSL_CNMISMATCH
	      The hostname used for the session does not match the hostname to which the
	      certificate was issued: this could mean that the connection has been intercepted.

       NE_SSL_UNKNOWNCA
	      The Certificate Authority which signed the certificate is not trusted.

       The cert parameter passed to the callback describes the certificate which was presented by
       the server, see ne_ssl_certificate(3) for more details. The certificate object given is
       only valid until the callback returns.

       The verification callback must return zero to indicate that the certificate should be
       trusted; and non-zero otherwise (in which case, the connection will fail).

       Manual certificate verification:

       #include <stdio.h>
       #include <ne_session.h>

       int prompt_user(void); /* supplied by the application; non-zero means reject */

       static int
       my_verify(void *userdata, int failures, const ne_ssl_certificate *cert)
       {
          /* leak the return values of ne_ssl_readable_dname for simplicity! */
          printf("Issuer: %s\n", ne_ssl_readable_dname(cert->issuer));
          printf("Subject: %s\n", ne_ssl_readable_dname(cert->subject));
          if (failures & NE_SSL_CNMISMATCH) {
             /* print the subject the certificate was issued to */
             printf("Server certificate was issued to `%s'; "
                    "connection may have been intercepted!\n",
                    ne_ssl_readable_dname(cert->subject));
          }
          if (failures & NE_SSL_EXPIRED) {
             printf("Server certificate expired on %s!\n", cert->until);
          }
          /* ... check for other failures ... */
          if (prompt_user())
             return 1; /* fail verification */
          else
             return 0; /* trust certificate */
       }

       int main(void)
       {
          ne_session *sess = ne_session_create("https", "some.host.name", 443);
          ne_ssl_set_verify(sess, my_verify, NULL);
          /* ... issue requests, then ne_session_destroy(sess) ... */
          return 0;
       }
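
       Non-interactive variant (an added example, not part of the neon manual page or the
       neon sources): the callback waives only the failure bits named in a policy passed
       through userdata and fails closed on everything else. struct verify_policy and
       policy_verify are hypothetical names; the constants and certificate type are declared
       as stand-ins with assumed values so the block compiles without neon installed.

```c
#include <stdio.h>

/* Stand-ins (assumption) so this compiles without neon; with neon 0.23.x
 * installed, remove this part and #include <ne_session.h> instead. */
#ifndef NE_SSL_EXPIRED
#define NE_SSL_NOTYETVALID 0x01
#define NE_SSL_EXPIRED     0x02
#define NE_SSL_CNMISMATCH  0x04
#define NE_SSL_UNKNOWNCA   0x08
typedef struct stand_in_cert ne_ssl_certificate;
#endif

/* Hypothetical policy object handed to the callback via userdata. */
struct verify_policy {
    int tolerated;     /* failure bits this deployment accepts */
    int last_failures; /* recorded so the caller can log the reason */
};

/* Same shape as ne_ssl_verify_fn: 0 = trust, non-zero = connection fails.
 * Register with: ne_ssl_set_verify(sess, policy_verify, &policy); */
static int policy_verify(void *userdata, int failures,
                         const ne_ssl_certificate *cert)
{
    struct verify_policy *p = userdata;
    const int known = NE_SSL_NOTYETVALID | NE_SSL_EXPIRED
                    | NE_SSL_CNMISMATCH | NE_SSL_UNKNOWNCA;
    (void)cert; /* the decision here uses only the failure bitmask */

    if (p == NULL) return 1;                    /* no policy: fail closed */
    p->last_failures = failures;
    if (failures & ~known) return 1;            /* unrecognised bit */
    if (failures & NE_SSL_CNMISMATCH) return 1; /* never waive a host mismatch */
    if (failures & ~p->tolerated) return 1;     /* a failure that is not waived */
    return 0;                                   /* every failure was waived */
}

int main(void)
{
    /* Constructed policy: accept a private CA, nothing else. */
    struct verify_policy p = { NE_SSL_UNKNOWNCA, 0 };
    printf("unknown CA only:      %d\n",
           policy_verify(&p, NE_SSL_UNKNOWNCA, NULL));
    printf("unknown CA + expired: %d\n",
           policy_verify(&p, NE_SSL_UNKNOWNCA | NE_SSL_EXPIRED, NULL));
    return 0;
}
```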

       ne_ssl_certificate(3), ne_ssl_load_ca(3), ne_ssl_dname(3), ne_ssl_readable_dname(3)

       Joe Orton <neon@webdav.org>.

neon 0.23.5				  8 October 2002		     NE_SSL_SET_VERIFY(3)