SSLSetEnableCertVerify

Enables or disables peer certificate chain validation.

Declaration

OSStatus SSLSetEnableCertVerify(SSLContextRef context, Boolean enableVerify);

Parameters

  • context:

    An SSL session context reference.

  • enableVerify:

    A Boolean value specifying whether peer certificate chain validation is enabled. Certificate chain validation is enabled by default. Specify false to disable validation.

Return Value

A result code. See Secure Transport Result Codes.

Discussion

By default, Secure Transport attempts to verify the certificate chain during an exchange of peer certificates. If you disable peer certificate chain validation, it is your responsibility to call SSLCopyPeerCertificates upon successful completion of the handshake and then to validate the peer certificate chain before transferring the data.

You can use the SSLGetEnableCertVerify function to determine the current setting of the enableVerify flag.
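
The sequence the Discussion describes, as an added example that is not Apple's sample code: disable automatic validation, complete the handshake, copy the peer certificates, and evaluate them before any application data moves. The helper name HandshakeWithManualTrust, the use of the SSL server policy with the caller's hostname, and returning errSSLXCertChainInvalid on rejection are assumptions of this example.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper (not an Apple API). Assumes `ctx` is a client-side
// context whose I/O callbacks and connection are already configured, and
// `hostname` is the name the caller intended to reach.
// Returns noErr only when the peer chain has been validated; on any other
// status the caller must close the session without sending data.
static OSStatus HandshakeWithManualTrust(SSLContextRef ctx, CFStringRef hostname)
{
    // Turn off Secure Transport's built-in chain validation.
    OSStatus status = SSLSetEnableCertVerify(ctx, false);
    if (status != noErr) return status;

    // errSSLWouldBlock only means the I/O callbacks need more data.
    // A real caller would wait on the socket instead of spinning.
    do {
        status = SSLHandshake(ctx);
    } while (status == errSSLWouldBlock);
    if (status != noErr) return status;

    // The handshake succeeded, but the peer is still unauthenticated.
    CFArrayRef certs = NULL;
    status = SSLCopyPeerCertificates(ctx, &certs);
    if (status != noErr) return status;
    if (certs == NULL || CFArrayGetCount(certs) == 0) {
        if (certs) CFRelease(certs);
        return errSSLXCertChainInvalid;   // no certificate means no trust
    }

    // `true` selects the policy for evaluating an SSL server certificate,
    // including the hostname match that a bare chain check would skip.
    SecPolicyRef policy = SecPolicyCreateSSL(true, hostname);
    SecTrustRef trust = NULL;
    status = SecTrustCreateWithCertificates(certs, policy, &trust);
    if (status == noErr) {
        CFErrorRef error = NULL;
        if (!SecTrustEvaluateWithError(trust, &error)) {
            NSLog(@"peer chain rejected: %@", (__bridge NSError *)error);
            status = errSSLXCertChainInvalid;   // fail closed
        }
        if (error) CFRelease(error);
        CFRelease(trust);
    }
    CFRelease(policy);
    CFRelease(certs);
    return status;
}
```

Only call SSLWrite or SSLRead after this helper returns noErr; every other path leaves the session unauthenticated.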