Commit | Line | Data |
---|---|---|
eeb15452 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, | |
6 | SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, | |
7 | SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, | |
8 | SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate | |
9 | verification or chain store | |
10 | ||
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/ssl.h> | |
14 | ||
15 | int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
16 | int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
17 | int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
18 | int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
19 | ||
d938e8df DKG |
20 | int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); |
21 | int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); | |
22 | int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); | |
23 | int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); | |
eeb15452 DSH |
24 | |
25 | =head1 DESCRIPTION | |
26 | ||
27 | SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() | |
28 | set the certificate store used for certificate verification to B<st>. | |
29 | ||
30 | SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() | |
31 | set the certificate store used for certificate chain building to B<st>. | |
32 | ||
33 | SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), | |
34 | SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar | |
35 | except they apply to SSL structure B<ssl>. | |
36 | ||
37 | All these functions are implemented as macros. Those containing a B<1> | |
38 | increment the reference count of the supplied store so it must | |
39 | be freed at some point after the operation. Those containing a B<0> do | |
40 | not increment reference counts and the supplied store B<MUST NOT> be freed | |
41 | after the operation. | |
42 | ||
43 | =head1 NOTES | |
44 | ||
45 | The store pointers associated with an SSL_CTX structure are copied to any SSL | |
46 | structures when SSL_new() is called. As a result SSL structures will not be | |
47 | affected if the parent SSL_CTX store pointer is set to a new value. | |
48 | ||
49 | The verification store is used to verify the certificate chain sent by the | |
50 | peer: that is an SSL/TLS client will use the verification store to verify | |
51 | the server's certificate chain and an SSL/TLS server will use it to verify | |
52 | any client certificate chain. | |
53 | ||
54 | The chain store is used to build the certificate chain. | |
55 | ||
56 | If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is | |
1bc74519 | 57 | configured already (for example using functions such as |
9b86974e RS |
58 | L<SSL_CTX_add1_chain_cert(3)> or |
59 | L<SSL_CTX_add_extra_chain_cert(3)>) then | |
eeb15452 DSH |
60 | automatic chain building is disabled. |
61 | ||
62 | If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building | |
63 | is disabled. | |
64 | ||
65 | If the chain or the verification store is not set then the store associated | |
66 | with the parent SSL_CTX is used instead to retain compatibility with previous | |
67 | versions of OpenSSL. | |
68 | ||
69 | =head1 RETURN VALUES | |
70 | ||
71 | All these functions return 1 for success and 0 for failure. | |
72 | ||
eeb15452 DSH |
73 | =head1 SEE ALSO |
74 | ||
9b86974e RS |
75 | L<SSL_CTX_add_extra_chain_cert(3)> |
76 | L<SSL_CTX_set0_chain(3)> | |
77 | L<SSL_CTX_set1_chain(3)> | |
78 | L<SSL_CTX_add0_chain_cert(3)> | |
79 | L<SSL_CTX_add1_chain_cert(3)> | |
80 | L<SSL_set0_chain(3)> | |
81 | L<SSL_set1_chain(3)> | |
82 | L<SSL_add0_chain_cert(3)> | |
83 | L<SSL_add1_chain_cert(3)> | |
84 | L<SSL_CTX_build_cert_chain(3)> | |
85 | L<SSL_build_cert_chain(3)> | |
eeb15452 DSH |
86 | |
87 | =head1 HISTORY | |
88 | ||
df75c2bf | 89 | These functions were added in OpenSSL 1.0.2. |
eeb15452 | 90 | |
e2f92610 RS |
91 | =head1 COPYRIGHT |
92 | ||
93 | Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. | |
94 | ||
95 | Licensed under the OpenSSL license (the "License"). You may not use | |
96 | this file except in compliance with the License. You can obtain a copy | |
97 | in the file LICENSE in the source distribution or at | |
98 | L<https://www.openssl.org/source/license.html>. | |
99 | ||
100 | =cut |