=head1 DESCRIPTION
-X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
-B<verify_cb> overwriting the previous callback.
+X509_STORE_set_verify_cb() sets the verification callback of I<ctx> to
+I<verify_cb> overwriting the previous callback.
The callback assigned with this function becomes a default for the one
that can be assigned directly to the corresponding B<X509_STORE_CTX>,
please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
X509_STORE_set_verify() sets the final chain verification function for
-B<ctx> to B<verify>.
+I<ctx> to I<verify>.
Its purpose is to go through the chain of certificates and check that
all signatures are valid and that the current time is within the
limits of each certificate's first and last validity time.
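Review bot: The X509_STORE_set_verify() paragraph does not say what I<verify> must return, whereas the later setters each state "must return 0 on failure and 1 on success". Since the lines are being touched anyway, add the return convention here so that an implementer of a replacement chain verification function does not have to infer it.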
If the function returns 1 the caller is responsible for freeing I<*issuer>.
X509_STORE_set_get_issuer() sets the function I<get_issuer>
-to get the "best" candidate issuer certificate of the given certificate B<x>.
+to get the "best" candidate issuer certificate of the given certificate I<x>.
When such a certificate is found, I<get_issuer> must up-ref and assign it
-to B<*issuer> and then return 1.
+to I<*issuer> and then return 1.
Otherwise I<get_issuer> must return 0 if not found and -1 (or 0) on failure.
If X509_STORE_set_get_issuer() is not used or I<get_issuer> is NULL
then X509_STORE_CTX_get1_issuer() is used as the default implementation.
X509_STORE_set_check_issued() sets the function to check that a given
-certificate B<x> is issued by the issuer certificate B<issuer>.
-This function must return 0 on failure (among others if B<x> hasn't
-been issued with B<issuer>) and 1 on success.
+certificate I<x> is issued by the issuer certificate I<issuer>.
+This function must return 0 on failure (among others if I<x> hasn't
+been issued with I<issuer>) and 1 on success.
I<If no function to get the issuer is provided, the internal default
function will be used instead.>
function will be used instead.>
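Review bot: The return contract for I<get_issuer> is ambiguous: "must return 0 if not found and -1 (or 0) on failure" lets 0 mean both "no issuer" and "error", so a caller cannot tell a lookup failure from a missing issuer. State which value callers should treat as an error. In the same region, the closing note under X509_STORE_set_check_issued() still reads "If no function to get the issuer is provided", although this setter installs the issuance check, not the issuer lookup.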
X509_STORE_set_get_crl() sets the function to get the crl for a given
-certificate B<x>.
-When found, the crl must be assigned to B<*crl>.
+certificate I<x>.
+When found, the crl must be assigned to I<*crl>.
This function must return 0 on failure and 1 on success.
I<If no function to get the issuer is provided, the internal default
function will be used instead.>
X509_STORE_set_check_crl() sets the function to check the validity of
-the given B<crl>.
+the given I<crl>.
This function must return 0 on failure and 1 on success.
I<If no function to get the issuer is provided, the internal default
function will be used instead.>
X509_STORE_set_cert_crl() sets the function to check the revocation
-status of the given certificate B<x> against the given B<crl>.
+status of the given certificate I<x> against the given I<crl>.
This function must return 0 on failure and 1 on success.
I<If no function to get the issuer is provided, the internal default
function will be used instead.>
X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
functions to look up all the certs or all the CRLs that match the
-given name B<nm>.
+given name I<nm>.
These functions return NULL on failure and a pointer to a stack of
certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
success.
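Review bot: The sentence "If no function to get the issuer is provided, the internal default function will be used instead." is repeated unchanged under X509_STORE_set_get_crl(), X509_STORE_set_check_crl() and X509_STORE_set_cert_crl(), none of which deals with issuer lookup. Each copy should name the function the setter actually installs (get the CRL, check the CRL, check revocation status). These sentences are also wrapped whole in I<...>, which now collides with the I<> markup this patch uses for parameter names.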
#include <openssl/err.h>
#include <openssl/conf.h>
#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
#endif
#include "testutil.h"
ssl)))
goto end;
- X509_STORE_CTX_set_default(store_ctx,
- SSL_is_server(ssl) ? "ssl_client" : "ssl_server");
+ X509_STORE_CTX_set_default(store_ctx, SSL_is_server(ssl)
+ ? "ssl_client" : "ssl_server");
X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx),
- SSL_get0_param(ssl));
+ SSL_get0_param(ssl));
store_ctx_dane_init(store_ctx, ssl);
if (SSL_get_verify_callback(ssl) != NULL)
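Review bot: Neither X509_STORE_CTX_set_default() nor X509_VERIFY_PARAM_set1() has its return value checked in the re-wrapped calls, although the step just above bails out with goto end. Both return 0 on failure, so a failed parameter copy would let the test carry on verifying with parameters other than those from SSL_get0_param(ssl). Fold the two calls into the same failure check. On style, breaking the line after SSL_is_server(ssl) separates the condition from its ? : arms; keeping the whole conditional expression on the continuation line reads better.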
char *header = 0;
unsigned char *data = 0;
long len;
- char *errtype = 0; /* if error: cert or pkey? */
+ char *errtype = 0; /* if error: cert or pkey? */
STACK_OF(X509) *chain;
typedef X509 *(*d2i_X509_t)(X509 **, const unsigned char **, long);
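Review bot: The pointers header, data and errtype are initialised with 0 rather than NULL. The errtype line is being edited for comment spacing anyway, so switch all three to NULL in the same pass to keep pointer initialisation explicit.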
&& PEM_read_bio(fp, &name, &header, &data, &len) == 1;
++count) {
if (strcmp(name, PEM_STRING_X509) == 0
- || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
- || strcmp(name, PEM_STRING_X509_OLD) == 0) {
+ || strcmp(name, PEM_STRING_X509_TRUSTED) == 0
+ || strcmp(name, PEM_STRING_X509_OLD) == 0) {
d2i_X509_t d = strcmp(name, PEM_STRING_X509_TRUSTED) != 0
? d2i_X509_AUX : d2i_X509;
X509 *cert;
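Review bot: In the unchanged context just below the re-indented strcmp() chain, the decoder selection "strcmp(name, PEM_STRING_X509_TRUSTED) != 0 ? d2i_X509_AUX : d2i_X509" picks d2i_X509_AUX when the PEM label is not the trusted one, which reads inverted. Please confirm this is intended and add a comment explaining why, or swap the two arms.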
|| !TEST_ptr(ctx = SSL_CTX_new(TLS_client_method()))
|| !TEST_int_gt(SSL_CTX_dane_enable(ctx), 0)
|| !TEST_true(SSL_CTX_load_verify_file(ctx, CAfile))
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1),
- 0)
- || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2),
- 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha512(), 2, 1), 0)
+ || !TEST_int_gt(SSL_CTX_dane_mtype_set(ctx, EVP_sha256(), 1, 2), 0)
|| !TEST_int_gt(test_tlsafile(ctx, basedomain, f, tlsafile), 0))
goto end;
ret = 1;
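Review bot: The joined SSL_CTX_dane_mtype_set() calls pass bare literals (2, 1 and 1, 2) for the matching type and its ordinal, so the reader cannot tell which is which or why SHA-512 is ranked differently from SHA-256. A short comment naming the two arguments, or named constants, would make the intended digest preference visible in the test.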