.TH "globus_gsi_callback_functions" 3 "Tue Dec 15 2020" "Version 6.2" "globus_gsi_callback" \" -*- nroff -*- .ad l .nh .SH NAME globus_gsi_callback_functions \- Callback Functions .PP \- Callback Functions\&. .SH SYNOPSIS .br .PP .SS "Functions" .in +1c .ti -1c .RI "globus_result_t \fBglobus_gsi_callback_get_X509_STORE_callback_data_index\fP (int *index)" .br .RI "Get callback data index from X509_STORE\&. " .ti -1c .RI "globus_result_t \fBglobus_gsi_callback_get_SSL_callback_data_index\fP (int *index)" .br .RI "Get callback data index from SSL structure\&. " .ti -1c .RI "int \fBglobus_gsi_callback_X509_verify_cert\fP (X509_STORE_CTX *context, void *arg)" .br .RI "Certificate verify wrapper\&. " .ti -1c .RI "int \fBglobus_gsi_callback_create_proxy_callback\fP (int preverify_ok, X509_STORE_CTX *x509_context)" .br .RI "Independent path validation callback\&. " .ti -1c .RI "int \fBglobus_gsi_callback_handshake_callback\fP (int preverify_ok, X509_STORE_CTX *x509_context)" .br .RI "SSL path validation callback\&. " .ti -1c .RI "int \fBglobus_gsi_callback_check_issued\fP (X509_STORE_CTX *context, X509 *cert, X509 *issuer)" .br .RI "OpenSSL X509_check_issued() wrapper\&. " .in -1c .SH "Detailed Description" .PP Callback Functions\&. Functions that plug into various plug points in the OpenSSL path validation mechanism\&. These functions add CRL checking, X509 Extension handling and proxy validation\&. .SH "Function Documentation" .PP .SS "int globus_gsi_callback_check_issued (X509_STORE_CTX * context, X509 * cert, X509 * issuer)" .PP OpenSSL X509_check_issued() wrapper\&. This function wraps the OpenSSL X509_check_issued() call and catches the error caused by the fact that a proxy certificate issuer may not have to have the correct KeyUsage fields set\&. .PP \fBParameters\fP .RS 4 \fIcontext\fP The validation state object\&. .br \fIcert\fP The certificate to check .br \fIissuer\fP The issuer certificate to check .RE .PP \fBReturns\fP .RS 4 1 on success 0 on failure .RE .PP .SS "int globus_gsi_callback_create_proxy_callback (int preverify_ok, X509_STORE_CTX * x509_context)" .PP Independent path validation callback\&. This function provides a path validation callback for validation outside of a SSL session\&. It should be used in X509_STORE_set_verify_cb_func()\&. .PP \fBParameters\fP .RS 4 \fIpreverify_ok\fP Communicates the result of default validation steps performed by OpenSSL .br .br \fIx509_context\fP The validation state object .RE .PP \fBReturns\fP .RS 4 1 on success 0 on failure .RE .PP .SS "globus_result_t globus_gsi_callback_get_SSL_callback_data_index (int * index)" .PP Get callback data index from SSL structure\&. Retrieve or create the index for our callback data structure in the SSL structure\&. .PP \fBParameters\fP .RS 4 \fIindex\fP Will contain the index upon return .RE .PP \fBReturns\fP .RS 4 GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned .RE .PP .SS "globus_result_t globus_gsi_callback_get_X509_STORE_callback_data_index (int * index)" .PP Get callback data index from X509_STORE\&. Retrieve or create the index for our callback data structure in the X509_STORE\&. .PP \fBParameters\fP .RS 4 \fIindex\fP Will contain the index upon return .RE .PP \fBReturns\fP .RS 4 GLOBUS_SUCCESS unless an error occurred, in which case, a globus error object ID is returned .RE .PP .SS "int globus_gsi_callback_handshake_callback (int preverify_ok, X509_STORE_CTX * x509_context)" .PP SSL path validation callback\&. This function provides a path validation callback for the validation part of establishing a SSL session\&. It handles proxy certificates, X509 Extensions and CRL checking\&. It should be used in SSL_CTX_set_verify()\&. .PP \fBParameters\fP .RS 4 \fIpreverify_ok\fP Communicates the result of default validation steps performed by OpenSSL .br .br \fIx509_context\fP The validation state object\&. .RE .PP \fBReturns\fP .RS 4 1 on success 0 on failure .RE .PP .SS "int globus_gsi_callback_X509_verify_cert (X509_STORE_CTX * context, void * arg)" .PP Certificate verify wrapper\&. This function wraps the OpenSSL certificate verification callback for the purpose of a replacing the standard issuer check with one that deals with proxy certificates\&. Should be used with SSL_CTX_set_cert_verify_callback() .PP \fBParameters\fP .RS 4 \fIcontext\fP The X509_STORE_CTX for which to register the callback\&. .br \fIarg\fP Arguments to the callback\&. Currently ignored\&. .RE .PP \fBReturns\fP .RS 4 1 on success 0 on failure .RE .PP .SH "Author" .PP Generated automatically by Doxygen for globus_gsi_callback from the source code\&.