Qore Programming Language Reference Manual  0.9.3.2
SSL Verification Mode Constants

Variables

const Qore::SSL_VERIFY_CLIENT_ONCE = SSL_VERIFY_CLIENT_ONCE
 Only request a client certificate once in server mode. More...
 
const Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT
 Require a client certificate in server mode. More...
 
const Qore::SSL_VERIFY_NONE = SSL_VERIFY_NONE
 Do not verify the peer's certificate. More...
 
const Qore::SSL_VERIFY_PEER = SSL_VERIFY_PEER
 Verify the peer's certificate. More...
 

Detailed Description

These are integer contants to be used with Socket::setSslVerifyMode() and are returned by Socket::getSslVerifyMode()

Variable Documentation

◆ SSL_VERIFY_CLIENT_ONCE

const Qore::SSL_VERIFY_CLIENT_ONCE = SSL_VERIFY_CLIENT_ONCE

Only request a client certificate once in server mode.

Server Mode
Only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).
Client Mode
Ignored
Note
must be used with Qore::SSL_VERIFY_PEER (combined with binary or)

◆ SSL_VERIFY_FAIL_IF_NO_PEER_CERT

const Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT

Require a client certificate in server mode.

Server Mode
If the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).
Client Mode
Ignored
Note
must be used with Qore::SSL_VERIFY_PEER (combined with binary or)

◆ SSL_VERIFY_NONE

const Qore::SSL_VERIFY_NONE = SSL_VERIFY_NONE

Do not verify the peer's certificate.

Server Mode
The server will not send a client certificate request to the client, so the client will not send a certificate
Client Mode
If not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The handshake will be continued regardless of the verification result.

◆ SSL_VERIFY_PEER

const Qore::SSL_VERIFY_PEER = SSL_VERIFY_PEER

Verify the peer's certificate.

Server Mode
The server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT and Qore::SSL_VERIFY_CLIENT_ONCE flags.
Client Mode
The server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, Qore::SSL_VERIFY_PEER is ignored.
See also