Install Now
SSL_get_verify_result - get result of peer certificate verification
Contents
Bugs
If no peer certificate was presented, the returned result code is X509_V_OK. This is because no
verification error occurred, it does however not indicate success. SSL_get_verify_result() is only useful
in connection with SSL_get_peer_certificate(3).
Copyright
Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance
with the License. You can obtain a copy in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
3.5.0 2025-06-04 SSL_GET_VERIFY_RESULT(3SSL)
Description
SSL_get_verify_result() returns the result of the verification of the X509 certificate presented by the
peer, if any. sslMUSTNOT be NULL.
Name
SSL_get_verify_result - get result of peer certificate verification
Notes
SSL_get_verify_result() can only return one error code while the verification of a certificate can fail
because of many reasons at the same time. Only the last verification error that occurred during the
processing is available from SSL_get_verify_result().
Sometimes there can be a sequence of errors leading to the verification failure as reported by
SSL_get_verify_result(). To get the errors, it is necessary to setup a verify callback via
SSL_CTX_set_verify(3) or SSL_set_verify(3) and retrieve the errors from the error stack there, because
once SSL_connect(3) returns, these errors may no longer be available.
The verification result is part of the established session and is restored when a session is reused.
Return Values
The following return values can currently occur:
X509_V_OK
The verification succeeded or no peer certificate was presented.
Any other value
Documented in openssl-verify(1).
See Also
ssl(7), SSL_set_verify_result(3), SSL_get_peer_certificate(3), openssl-verify(1)
Synopsis
#include <openssl/ssl.h>
long SSL_get_verify_result(const SSL *ssl);
PNG Icons
