Man page - ne_ssl_set_verify(3)
apt-get install libneon27-dev
apt-get install libneon27-gnutls-dev
Manual
NE_SSL_SET_VERIFY
NAME
ne_ssl_set_verify - register an SSL certificate verification callback
SYNOPSIS
#include <ne_session.h>
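/*
 * Certificate verification callback type.
 *
 * userdata: the pointer that was given to ne_ssl_set_verify().
 * failures: non-zero bitwise OR of NE_SSL_NOTYETVALID, NE_SSL_EXPIRED,
 *           NE_SSL_IDMISMATCH and NE_SSL_UNTRUSTED, saying how the
 *           automatic verification failed.
 * cert:     the certificate presented by the server; it is not valid
 *           after the callback returns.
 *
 * Return zero to trust the certificate; any non-zero value makes the
 * connection fail.
 */
typedef int ne_ssl_verify_fn(void *userdata, int failures,
                             const ne_ssl_certificate *cert);

/*
 * Register verify_fn as the certificate verification callback for
 * session; userdata is handed to the callback as its first argument.
 */
void ne_ssl_set_verify(ne_session *session, ne_ssl_verify_fn verify_fn,
                       void *userdata);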
DESCRIPTION
To enable manual SSL certificate verification, a callback can be registered using ne_ssl_set_verify. If such a callback is not registered, when a connection is established to an SSL server which does not present a certificate signed by a trusted CA (see ne_ssl_trust_cert), or if the certificate presented is invalid in some way, the connection will fail.
When the callback is invoked, the failures parameter gives a bitmask indicating in what way the automatic certificate verification failed. The value is equal to the bit-wise OR of one or more of the following constants (and is guaranteed to be non-zero):
NE_SSL_NOTYETVALID
The certificate is not yet valid.
NE_SSL_EXPIRED
The certificate has expired.
NE_SSL_IDMISMATCH
The hostname used for the session does not match the hostname to which the certificate was issued.
NE_SSL_UNTRUSTED
The Certificate Authority which signed the certificate is not trusted.
Note that if either of the NE_SSL_IDMISMATCH or NE_SSL_UNTRUSTED failures is given, the connection may have been intercepted by a third party, and must not be presumed to be “secure”.
The cert parameter passed to the callback represents the certificate which was presented by the server. If the server presented a chain of certificates, the chain can be accessed using ne_ssl_cert_signedby. The cert object given is not valid after the callback returns.
RETURN VALUE
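The verification callback must return zero to indicate that the certificate should be trusted, and non-zero otherwise (in which case the connection will fail). Returning zero accepts the certificate despite every failure reported in the failures bitmask, including NE_SSL_IDMISMATCH and NE_SSL_UNTRUSTED.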
EXAMPLES
The following code implements an example verification callback, using the dump_cert function from ne_ssl_cert_subject to display certificate information. Notice that the hostname of the server used for the session is passed as the userdata parameter to the callback.
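/*
 * Example verification callback for ne_ssl_set_verify().
 *
 * The callback runs only after automatic verification has failed, so
 * `failures` is a non-zero bitmask of NE_SSL_* constants.  Every failure
 * bit is reported before the user is asked, so the decision to override
 * is made with the full list of reasons in view.
 *
 * userdata: hostname the session was created for (see main()).
 * failures: bitwise OR of NE_SSL_NOTYETVALID, NE_SSL_EXPIRED,
 *           NE_SSL_IDMISMATCH and NE_SSL_UNTRUSTED.
 * cert:     certificate presented by the server; it is not valid after
 *           this function returns, so nothing here keeps a reference.
 *
 * Returns 0 to trust the certificate despite the failures, non-zero to
 * make the connection fail.
 */
static int
my_verify(void *userdata, int failures, const ne_ssl_certificate *cert)
{
    const char *hostname = userdata;

    /* dump_cert() is the helper shown in ne_ssl_cert_subject(3). */
    dump_cert(cert);

    puts("Certificate verification failed - the connection may have been "
         "intercepted by a third party!");

    if (failures & NE_SSL_IDMISMATCH) {
        /* The identity may be unavailable, hence the NULL check. */
        const char *id = ne_ssl_cert_identity(cert);

        if (id) {
            printf("Server certificate was issued to '%s' not '%s'.\n",
                   id, hostname);
        } else {
            printf("The certificate was not issued for '%s'\n", hostname);
        }
    }

    if (failures & NE_SSL_UNTRUSTED) {
        puts("The certificate is not signed by a trusted Certificate Authority.");
    }

    /* Validity-period failures, previously left as a placeholder. */
    if (failures & NE_SSL_NOTYETVALID) {
        puts("The certificate is not yet valid.");
    }

    if (failures & NE_SSL_EXPIRED) {
        puts("The certificate has expired.");
    }

    /*
     * prompt_user() is not defined on this page; as used here, a
     * non-zero result rejects the certificate.  Returning 0 below
     * accepts the connection even when NE_SSL_IDMISMATCH or
     * NE_SSL_UNTRUSTED was reported.
     */
    if (prompt_user()) {
        return 1; /* fail verification */
    }

    return 0; /* trust the certificate anyway */
}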
/*
 * Creates an https session and registers my_verify as its certificate
 * verification callback.  Without a registered callback, a certificate
 * that fails automatic verification makes the connection fail.
 */
int
main(...)
{
    /*
     * A single string feeds both calls, so the hostname the callback
     * receives as userdata is the one the session was created for.
     */
    char *host = "some.host.name";
    ne_session *session = ne_session_create("https", host, 443);

    ne_ssl_set_verify(session, my_verify, host);
    ...
}
SEE ALSO
ne_ssl_trust_cert, ne_ssl_readable_dname, ne_ssl_cert_subject
COPYRIGHT
Copyright © 2001-2024 Joe Orton