Commit | Line | Data |
---|---|---|
e05d6c7d DSH |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
1a627771 RS |
5 | X509_STORE_set_lookup_crls_cb, |
6 | X509_STORE_set_verify_func, | |
7 | X509_STORE_get_cleanup, | |
8 | X509_STORE_set_cleanup, | |
9 | X509_STORE_get_lookup_crls, | |
10 | X509_STORE_set_lookup_crls, | |
11 | X509_STORE_get_lookup_certs, | |
12 | X509_STORE_set_lookup_certs, | |
13 | X509_STORE_get_check_policy, | |
14 | X509_STORE_set_check_policy, | |
15 | X509_STORE_get_cert_crl, | |
16 | X509_STORE_set_cert_crl, | |
17 | X509_STORE_get_check_crl, | |
18 | X509_STORE_set_check_crl, | |
19 | X509_STORE_get_get_crl, | |
20 | X509_STORE_set_get_crl, | |
21 | X509_STORE_get_check_revocation, | |
22 | X509_STORE_set_check_revocation, | |
23 | X509_STORE_get_check_issued, | |
24 | X509_STORE_set_check_issued, | |
25 | X509_STORE_get_get_issuer, | |
26 | X509_STORE_set_get_issuer, | |
27 | X509_STORE_CTX_get_verify, | |
28 | X509_STORE_set_verify, | |
29 | X509_STORE_get_verify_cb, | |
121677b4 RS |
30 | X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb, |
31 | X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn, | |
32 | X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn, | |
6061f80b | 33 | X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn, |
121677b4 | 34 | X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn, |
6556519e | 35 | X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn |
1a627771 | 36 | - set verification callback |
e05d6c7d DSH |
37 | |
38 | =head1 SYNOPSIS | |
39 | ||
40 | #include <openssl/x509_vfy.h> | |
41 | ||
0e82e0e1 RL |
42 | typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer, |
43 | X509_STORE_CTX *ctx, X509 *x); | |
44 | typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx, | |
45 | X509 *x, X509 *issuer); | |
46 | typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx); | |
47 | typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx, | |
48 | X509_CRL **crl, X509 *x); | |
49 | typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl); | |
50 | typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx, | |
51 | X509_CRL *crl, X509 *x); | |
52 | typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx); | |
53 | typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx, | |
54 | X509_NAME *nm); | |
55 | typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx, | |
56 | X509_NAME *nm); | |
57 | typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx); | |
58 | ||
59 | void X509_STORE_set_verify_cb(X509_STORE *ctx, | |
60 | X509_STORE_CTX_verify_cb verify_cb); | |
61 | X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx); | |
62 | ||
63 | void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify); | |
64 | X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); | |
65 | ||
66 | void X509_STORE_set_get_issuer(X509_STORE *ctx, | |
67 | X509_STORE_CTX_get_issuer_fn get_issuer); | |
68 | X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx); | |
69 | ||
70 | void X509_STORE_set_check_issued(X509_STORE *ctx, | |
71 | X509_STORE_CTX_check_issued_fn check_issued); | |
72 | X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx); | |
73 | ||
74 | void X509_STORE_set_check_revocation(X509_STORE *ctx, | |
75 | X509_STORE_CTX_check_revocation_fn check_revocation); | |
76 | X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx); | |
77 | ||
78 | void X509_STORE_set_get_crl(X509_STORE *ctx, | |
79 | X509_STORE_CTX_get_crl_fn get_crl); | |
80 | X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx); | |
81 | ||
82 | void X509_STORE_set_check_crl(X509_STORE *ctx, | |
83 | X509_STORE_CTX_check_crl_fn check_crl); | |
84 | X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx); | |
85 | ||
86 | void X509_STORE_set_cert_crl(X509_STORE *ctx, | |
87 | X509_STORE_CTX_cert_crl_fn cert_crl); | |
88 | X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx); | |
89 | ||
90 | void X509_STORE_set_check_policy(X509_STORE *ctx, | |
91 | X509_STORE_CTX_check_policy_fn check_policy); | |
92 | X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx); | |
93 | ||
94 | void X509_STORE_set_lookup_certs(X509_STORE *ctx, | |
95 | X509_STORE_CTX_lookup_certs_fn lookup_certs); | |
96 | X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx); | |
97 | ||
98 | void X509_STORE_set_lookup_crls(X509_STORE *ctx, | |
99 | X509_STORE_CTX_lookup_crls_fn lookup_crls); | |
100 | X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx); | |
101 | ||
102 | void X509_STORE_set_cleanup(X509_STORE *ctx, | |
103 | X509_STORE_CTX_cleanup_fn cleanup); | |
104 | X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx); | |
105 | ||
106 | /* Aliases */ | |
e05d6c7d | 107 | void X509_STORE_set_verify_cb_func(X509_STORE *st, |
0e82e0e1 RL |
108 | X509_STORE_CTX_verify_cb verify_cb); |
109 | void X509_STORE_set_verify_func(X509_STORE *ctx, | |
110 | X509_STORE_CTX_verify_fn verify); | |
111 | void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx, | |
112 | X509_STORE_CTX_lookup_crls_fn lookup_crls); | |
e05d6c7d DSH |
113 | |
114 | =head1 DESCRIPTION | |
115 | ||
116 | X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to | |
0e82e0e1 RL |
117 | B<verify_cb> overwriting the previous callback. |
118 | The callback assigned with this function becomes a default for the one | |
119 | that can be assigned directly to the corresponding B<X509_STORE_CTX>, | |
120 | please see L<X509_STORE_CTX_set_verify_cb(3)> for further information. | |
121 | ||
122 | X509_STORE_set_verify() sets the final chain verification function for | |
123 | B<ctx> to B<verify>. | |
124 | Its purpose is to go through the chain of certificates and check that | |
125 | all signatures are valid and that the current time is within the | |
126 | limits of each certificate's first and last validity time. | |
127 | The final chain verification functions must return 0 on failure and 1 | |
128 | on success. | |
129 | I<If no chain verification function is provided, the internal default | |
130 | function will be used instead.> | |
131 | ||
132 | X509_STORE_set_get_issuer() sets the function to get the issuer | |
133 | certificate that verifies the given certificate B<x>. | |
134 | When found, the issuer certificate must be assigned to B<*issuer>. | |
135 | This function must return 0 on failure and 1 on success. | |
136 | I<If no function to get the issuer is provided, the internal default | |
137 | function will be used instead.> | |
138 | ||
139 | X509_STORE_set_check_issued() sets the function to check that a given | |
140 | certificate B<x> is issued with the issuer certificate B<issuer>. | |
141 | This function must return 0 on failure (among others if B<x> hasn't | |
142 | been issued with B<issuer>) and 1 on success. | |
143 | I<If no function to check the issuer is provided, the internal default | |
144 | function will be used instead.> | |
145 | ||
146 | X509_STORE_set_check_revocation() sets the revocation checking | |
147 | function. | |
148 | Its purpose is to look through the final chain and check the | |
149 | revocation status for each certificate. | |
150 | It must return 0 on failure and 1 on success. | |
151 | I<If no revocation checking function is provided, the internal default | |
152 | function will be used instead.> | |
153 | ||
700b8145 | 154 | X509_STORE_set_get_crl() sets the function to get the crl for a given |
0e82e0e1 RL |
155 | certificate B<x>. |
156 | When found, the crl must be assigned to B<*crl>. | |
157 | This function must return 0 on failure and 1 on success. | |
158 | I<If no function to get the crl is provided, the internal default | |
159 | function will be used instead.> | |
160 | ||
161 | X509_STORE_set_check_crl() sets the function to check the validity of | |
162 | the given B<crl>. | |
163 | This function must return 0 on failure and 1 on success. | |
164 | I<If no function to check the crl is provided, the internal default | |
165 | function will be used instead.> | |
166 | ||
167 | X509_STORE_set_cert_crl() sets the function to check the revocation | |
168 | status of the given certificate B<x> against the given B<crl>. | |
169 | This function must return 0 on failure and 1 on success. | |
170 | I<If no function to check the revocation status is provided, the internal default | |
171 | function will be used instead.> | |
172 | ||
173 | X509_STORE_set_check_policy() sets the function to check the policies | |
174 | of all the certificates in the final chain. | |
175 | This function must return 0 on failure and 1 on success. | |
176 | I<If no function to check the policies is provided, the internal default | |
177 | function will be used instead.> | |
178 | ||
179 | X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the | |
180 | functions to look up all the certs or all the CRLs that match the | |
181 | given name B<nm>. | |
182 | These functions return NULL on failure and a pointer to a stack of | |
183 | certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on | |
184 | success. | |
185 | I<If no lookup function is provided, the corresponding internal default | |
186 | function will be used instead.> | |
187 | ||
188 | X509_STORE_set_cleanup() sets the final cleanup function, which is | |
189 | called when the context (B<X509_STORE_CTX>) is being torn down. | |
190 | This function doesn't return any value. | |
191 | I<If no function to get the issuer is provided, the internal default | |
192 | function will be used instead.> | |
193 | ||
194 | X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(), | |
195 | X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(), | |
196 | X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(), | |
197 | X509_STORE_get_check_crl(), X509_STORE_get_cert_crl(), | |
198 | X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(), | |
199 | X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return | |
200 | the function pointer assigned with X509_STORE_set_verify_cb(), | |
201 | X509_STORE_set_verify(), X509_STORE_set_get_issuer(), | |
202 | X509_STORE_set_check_issued(), X509_STORE_set_check_revocation(), | |
203 | X509_STORE_set_get_crl(), X509_STORE_set_check_crl(), | |
204 | X509_STORE_set_cert_crl(), X509_STORE_set_check_policy(), | |
205 | X509_STORE_set_lookup_certs(), X509_STORE_set_lookup_crls() and | |
206 | X509_STORE_set_cleanup() respectively, or NULL if no assignment has been made. | |
207 | ||
208 | X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and | |
209 | X509_STORE_set_lookup_crls_cb() are aliases for | |
210 | X509_STORE_set_verify_cb(), X509_STORE_set_verify() and | |
211 | X509_STORE_set_lookup_crls(), available as macros for backward | |
212 | compatibility. | |
e05d6c7d | 213 | |
1e27847d | 214 | =head1 NOTES |
e05d6c7d | 215 | |
0e82e0e1 RL |
216 | All the callbacks from a B<X509_STORE> are inherited by the |
217 | corresponding B<X509_STORE_CTX> structure when it is initialized. | |
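218 | See L<X509_STORE_CTX_set_verify_cb(3)> for further details. A function set here is used in place of the internal default, so it must perform the check itself and return 1 only when that check succeeds. | |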
e05d6c7d DSH |
219 | |
220 | =head1 BUGS | |
221 | ||
1bc74519 | 222 | The macro version of X509_STORE_set_verify_cb() was the only one available before |
e05d6c7d DSH |
223 | OpenSSL 1.0.0. |
224 | ||
225 | =head1 RETURN VALUES | |
226 | ||
0e82e0e1 RL |
227 | The X509_STORE_set_*() functions do not return a value. |
228 | ||
229 | The X509_STORE_get_*() functions return a pointer of the appropriate | |
230 | function type. | |
e05d6c7d DSH |
231 | |
232 | =head1 SEE ALSO | |
233 | ||
0e82e0e1 | 234 | L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>, |
6556519e | 235 | L<X509_STORE_CTX_verify_cb(3)>, L<X509_STORE_CTX_verify_fn(3)>, |
9b86974e | 236 | L<CMS_verify(3)> |
e05d6c7d DSH |
237 | |
238 | =head1 HISTORY | |
239 | ||
fc5ecadd | 240 | The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0. |
e05d6c7d | 241 | |
fc5ecadd | 242 | The functions |
0e82e0e1 RL |
243 | X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(), |
244 | X509_STORE_set_verify(), X509_STORE_CTX_get_verify(), | |
245 | X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(), | |
246 | X509_STORE_set_check_issued(), X509_STORE_get_check_issued(), | |
247 | X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(), | |
248 | X509_STORE_set_get_crl(), X509_STORE_get_get_crl(), | |
249 | X509_STORE_set_check_crl(), X509_STORE_get_check_crl(), | |
250 | X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(), | |
251 | X509_STORE_set_check_policy(), X509_STORE_get_check_policy(), | |
252 | X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(), | |
253 | X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(), | |
fc5ecadd DMSP |
254 | X509_STORE_set_cleanup() and X509_STORE_get_cleanup() |
255 | were added in OpenSSL 1.1.0. | |
0e82e0e1 | 256 | |
e2f92610 RS |
257 | =head1 COPYRIGHT |
258 | ||
259 | Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved. | |
260 | ||
4746f25a | 261 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
262 | this file except in compliance with the License. You can obtain a copy |
263 | in the file LICENSE in the source distribution or at | |
264 | L<https://www.openssl.org/source/license.html>. | |
265 | ||
266 | =cut |