NextPrevUpTopContentsIndex

set-verification-mode

 
Function
Summary

Sets the verification mode for CTX.

Package

comm

Signature

set-verification-mode ssl-ctx ssl-side mode &optional callback

Arguments

ssl-ctx

A foreign pointer of type ssl-pointer or ssl-ctx-pointer .

ssl-side

:server or :client .

mode

An integer, one of the symbols :never , :always , :once , or a list of keywords.

callback

A foreign function.

Values

result

A list of symbols.

Description

The function set-verification-mode sets the verification mode for CTX according to arguments ssl-side and mode .

When ssl-side is :server , mode can be:

An integer

mode is passed directly to SSL_set_verify or SSL_CTX_set_verify .

:never

The server will not send a client certificate request to the client, so the client will not send a certificate.

:always

The server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure.

:once

Same as :always except that the client certificate is checked only on the initial TLS/SSL handshake, and not again in case of renegotiation.

A list

The list contains (some of) the keywords :verify-client-once , :verify-peer and : fail-if-no-peer-cert . These keywords map to the corresponding C constants VERIFY_CLIENT_ONCE , VERIFY_PEER and FAIL_IF_NO_PEER_CERT respectively. See the manual entry for SSL_CTX_set_verify for the meaning of the constants.

When ssl-side is :client , mode can be:

An integer

mode is passed directly as for ssl-side :server .

:never

If not using an anonymous cipher, the server will send a certificate which will be checked by the client. The handshake will be continued regardless of the verification result.

:always

The server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent because an anonymous cipher is used, verification is ignored.

A list

The list contains keywords as described above for ssl-side :server .

If non- nil callback should be a symbol, function, string or foreign pointer designating a foreign function that is called to perform verification. The default value of callback is nil .

See also

get-verification-mode


LispWorks Reference Manual - 12 Mar 2008

NextPrevUpTopContentsIndex