SSL Verification Mode Constants

Variables
const	Qore::SSL_VERIFY_CLIENT_ONCE = SSL_VERIFY_CLIENT_ONCE
	Only request a client certificate once in server mode. More...
const	Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT
	Require a client certificate in server mode. More...
const	Qore::SSL_VERIFY_NONE = SSL_VERIFY_NONE
	Do not verify the peer's certificate. More...
const	Qore::SSL_VERIFY_PEER = SSL_VERIFY_PEER
	Verify the peer's certificate. More...

Detailed Description

These are integer contants to be used with Socket::setSslVerifyMode() and are returned by Socket::getSslVerifyMode()

Variable Documentation

SSL_VERIFY_CLIENT_ONCE

const Qore::SSL_VERIFY_CLIENT_ONCE = SSL_VERIFY_CLIENT_ONCE

Only request a client certificate once in server mode.

Server Mode

Only request a client certificate on the initial TLS/SSL handshake. Do not ask for a client certificate again in case of a renegotiation. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).

Client Mode

Ignored

Note

must be used with Qore::SSL_VERIFY_PEER (combined with binary or)

SSL_VERIFY_FAIL_IF_NO_PEER_CERT

const Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT = SSL_VERIFY_FAIL_IF_NO_PEER_CERT

Require a client certificate in server mode.

Server Mode

If the client did not return a certificate, the TLS/SSL handshake is immediately terminated with a "handshake failure" alert. This flag must be used together with Qore::SSL_VERIFY_PEER (combined with binary or).

Client Mode

Ignored

Note

must be used with Qore::SSL_VERIFY_PEER (combined with binary or)

SSL_VERIFY_NONE

const Qore::SSL_VERIFY_NONE = SSL_VERIFY_NONE

Do not verify the peer's certificate.

Server Mode

The server will not send a client certificate request to the client, so the client will not send a certificate

Client Mode

If not using an anonymous cipher (by default disabled), the server will send a certificate which will be checked. The handshake will be continued regardless of the verification result.

SSL_VERIFY_PEER

const Qore::SSL_VERIFY_PEER = SSL_VERIFY_PEER

Verify the peer's certificate.

Server Mode

The server sends a client certificate request to the client. The certificate returned (if any) is checked. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. The behaviour can be controlled by the additional Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT and Qore::SSL_VERIFY_CLIENT_ONCE flags.

Client Mode

The server certificate is verified. If the verification process fails, the TLS/SSL handshake is immediately terminated with an alert message containing the reason for the verification failure. If no server certificate is sent, because an anonymous cipher is used, Qore::SSL_VERIFY_PEER is ignored.

See also

• Qore::SSL_VERIFY_FAIL_IF_NO_PEER_CERT
• Qore::SSL_VERIFY_CLIENT_ONCE