Commit | Line | Data |
---|---|---|
eeb15452 DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, | |
6 | SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, | |
7 | SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, | |
948cf521 HL |
8 | SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, |
9 | SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, | |
10 | SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate | |
eeb15452 DSH |
11 | verification or chain store |
12 | ||
13 | =head1 SYNOPSIS | |
14 | ||
15 | #include <openssl/ssl.h> | |
16 | ||
17 | int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
18 | int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
19 | int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
20 | int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); | |
948cf521 HL |
21 | int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); |
22 | int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); | |
eeb15452 | 23 | |
d938e8df DKG |
24 | int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); |
25 | int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); | |
26 | int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); | |
27 | int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); | |
948cf521 HL |
28 | int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); |
29 | int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); | |
eeb15452 DSH |
30 | |
31 | =head1 DESCRIPTION | |
32 | ||
33 | SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() | |
34 | set the certificate store used for certificate verification to B<st>. | |
35 | ||
36 | SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() | |
37 | set the certificate store used for certificate chain building to B<st>. | |
38 | ||
39 | SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), | |
40 | SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar | |
41 | except they apply to SSL structure B<ssl>. | |
42 | ||
948cf521 HL |
43 | SSL_CTX_get0_verify_cert_store(), SSL_get0_verify_cert_store(), |
44 | SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the | |
45 | objects previously set via the above calls. A pointer to the object (or NULL if | |
46 | no such object has been set) is written to B<*st>. | |
47 | ||
eeb15452 DSH |
48 | All these functions are implemented as macros. Those containing a B<1> |
49 | increment the reference count of the supplied store, so the caller keeps its | |
50 | own reference and must free it at some point after the operation. Those | |
51 | containing a B<0> do not increment reference counts, so the store supplied to | |
52 | or retrieved by them B<MUST NOT> be freed by the caller after the operation. | |
53 | ||
54 | =head1 NOTES | |
55 | ||
56 | The store pointers associated with an SSL_CTX structure are copied to any SSL | |
57 | structures when SSL_new() is called. As a result SSL structures will not be | |
58 | affected if the parent SSL_CTX store pointer is set to a new value. | |
59 | ||
60 | The verification store is used to verify the certificate chain sent by the | |
61 | peer: that is an SSL/TLS client will use the verification store to verify | |
62 | the server's certificate chain and an SSL/TLS server will use it to verify | |
63 | any client certificate chain. | |
64 | ||
65 | The chain store is used to build the certificate chain. | |
f9ac6f69 DDO |
66 | Details of the chain building and checking process are described in |
67 | L<openssl-verification-options(1)/Certification Path Building> and | |
68 | L<openssl-verification-options(1)/Certification Path Validation>. | |
eeb15452 DSH |
69 | |
70 | If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is | |
1bc74519 | 71 | configured already (for example using functions such as
9b86974e RS |
72 | L<SSL_CTX_add1_chain_cert(3)> or |
73 | L<SSL_CTX_add_extra_chain_cert(3)>) then | |
eeb15452 DSH |
74 | automatic chain building is disabled. |
75 | ||
76 | If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building | |
77 | is disabled. | |
78 | ||
79 | If the chain or the verification store is not set then the store associated | |
80 | with the parent SSL_CTX is used instead to retain compatibility with previous | |
81 | versions of OpenSSL. | |
82 | ||
83 | =head1 RETURN VALUES | |
84 | ||
85 | All these functions return 1 for success and 0 for failure. | |
86 | ||
eeb15452 DSH |
87 | =head1 SEE ALSO |
88 | ||
98ca37e4 | 89 | L<ssl(7)>, |
9b86974e RS |
90 | L<SSL_CTX_add_extra_chain_cert(3)>, |
91 | L<SSL_CTX_set0_chain(3)>, | |
92 | L<SSL_CTX_set1_chain(3)>, | |
93 | L<SSL_CTX_add0_chain_cert(3)>, | |
94 | L<SSL_CTX_add1_chain_cert(3)>, | |
95 | L<SSL_set0_chain(3)>, | |
96 | L<SSL_set1_chain(3)>, | |
97 | L<SSL_add0_chain_cert(3)>, | |
98 | L<SSL_add1_chain_cert(3)>, | |
99 | L<SSL_CTX_build_cert_chain(3)>, | |
100 | L<SSL_build_cert_chain(3)> | |
eeb15452 DSH |
101 | |
102 | =head1 HISTORY | |
103 | ||
fc5ecadd | 104 | These functions were added in OpenSSL 1.0.2. |
eeb15452 | 105 | |
e2f92610 RS |
106 | =head1 COPYRIGHT |
107 | ||
38fc02a7 | 108 | Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 109 | |
4746f25a | 110 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
111 | this file except in compliance with the License. You can obtain a copy |
112 | in the file LICENSE in the source distribution or at | |
113 | L<https://www.openssl.org/source/license.html>. | |
114 | ||
115 | =cut |