These are integer contants to be used with Socket::setSslVerifyMode() and are returned by Socket::getSslVerifyMode().
More...
These are integer contants to be used with Socket::setSslVerifyMode() and are returned by Socket::getSslVerifyMode().
◆ SSL_VERIFY_CLIENT_ONCE
const Qore::SSL_VERIFY_CLIENT_ONCE = SSL_VERIFY_CLIENT_ONCE |
Only request a client certificate once in server mode.
- Server Mode
- Only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).
- Client Mode
- Ignored
- Note
- must be used with Qore::SSL_VERIFY_PEER (combined with binary or)
◆ SSL_VERIFY_FAIL_IF_NO_PEER_CERT
const Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
Require a client certificate in server mode.
- Server Mode
- If the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).
- Client Mode
- Ignored
- Note
- must be used with Qore::SSL_VERIFY_PEER (combined with binary or)
◆ SSL_VERIFY_NONE
const Qore::SSL_VERIFY_NONE = SSL_VERIFY_NONE |
Do not verify the peer's certificate.
- Server Mode
- The server will not send a client certificate request to the client, so the client will not send a certificate
- Client Mode
- If not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The handshake will be continued regardless of the verification result.
◆ SSL_VERIFY_PEER
const Qore::SSL_VERIFY_PEER = SSL_VERIFY_PEER |
Verify the peer's certificate.
- Server Mode
- The server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT and Qore::SSL_VERIFY_CLIENT_ONCE flags.
- Client Mode
- The server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, Qore::SSL_VERIFY_PEER is ignored.
- See also
-