serverCertificateValidationCallback

std::function<bool(SecTrustRef trust, const ConnectionInfoPtr& info)> Ice::SSL::SecureTransportClientAuthenticationOptions::serverCertificateValidationCallback

A callback for validating the server certificate chain.

If the verification callback returns false, the connection will be aborted with an Ice::SecurityException.

The server certificate chain is validated using the trust object passed to the callback. When this callback is set, it replaces the default validation callback and must perform all necessary validation steps. If trustedRootCertificates is set, the passed trust object will use them as the anchor certificates for evaluating trust. This setting can be modified by the application using SecTrustSetAnchorCertificates.

Example of setting serverCertificateValidationCallback:

    auto initData = Ice::InitializationData{
        .clientAuthenticationOptions = Ice::SSL::ClientAuthenticationOptions{
            .serverCertificateValidationCallback =
                [](SecTrustRef trust, const Ice::SSL::ConnectionInfoPtr&)
            { return SecTrustEvaluateWithError(trust, nullptr); }}};

Parameters

trust	The trust object that contains the server's certificate chain.
info	The connection info object that provides additional connection-related data. The ConnectionInfo type is an alias for the platform-specific connection info class.

Returns

true if the certificate chain is valid and the connection should proceed; false if the certificate chain is invalid and the connection should be aborted.

Exceptions

Ice::SecurityException

if the certificate chain is invalid and the connection should be aborted.

See also

SecTrustEvaluateWithError

SSL::OpenSSLConnectionInfo

SSL::SecureTransportConnectionInfo

SSL::SchannelConnectionInfo

Definition at line 180 of file ClientAuthenticationOptions.h.