=pod

=head1 NAME

SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_set_cert_store() sets the certificate verification storage of
B<ctx> to B<store>, replacing the current one. If another X509_STORE
object is currently set in B<ctx>, it will be X509_STORE_free()ed.

SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.

=head1 NOTES

In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.

Typically the trusted certificate store is handled indirectly via
L<SSL_CTX_load_verify_locations(3)>.
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond what the
L<SSL_CTX_load_verify_locations(3)> call offers.

Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. For example, the verify_callback() held
in the X509_STORE is overridden by the verify_callback() set via the
L<SSL_CTX_set_verify(3)> family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.

=head1 RESTRICTIONS

The X509_STORE structure used by an SSL_CTX is used for verifying peer
certificates and building certificate chains; it is also shared by
every child SSL structure. Applications wanting finer control can use
functions such as SSL_CTX_set1_verify_cert_store() instead.

=head1 RETURN VALUES

SSL_CTX_set_cert_store() does not return diagnostic output.

SSL_CTX_get_cert_store() returns the current setting.

=head1 SEE ALSO

L<ssl(3)>,
L<SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set_verify(3)>

=cut