You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
57 lines
1.9 KiB
57 lines
1.9 KiB
=pod |
|
|
|
=head1 NAME |
|
|
|
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage |
|
|
|
=head1 SYNOPSIS |
|
|
|
#include <openssl/ssl.h> |
|
|
|
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); |
|
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx); |
|
|
|
=head1 DESCRIPTION |
|
|
|
SSL_CTX_set_cert_store() sets/replaces the certificate verification storage |
|
of B<ctx> to/with B<store>. If another X509_STORE object is currently |
|
set in B<ctx>, it will be X509_STORE_free()ed. |
|
|
|
SSL_CTX_get_cert_store() returns a pointer to the current certificate |
|
verification storage. |
|
|
|
=head1 NOTES |
|
|
|
In order to verify the certificates presented by the peer, trusted CA |
|
certificates must be accessed. These CA certificates are made available |
|
via lookup methods, handled inside the X509_STORE. From the X509_STORE |
|
the X509_STORE_CTX used when verifying certificates is created. |
|
|
|
Typically the trusted certificate store is handled indirectly via using |
|
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. |
|
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions |
|
it is possible to manipulate the X509_STORE object beyond the |
|
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> |
|
call. |
|
|
|
Currently no detailed documentation on how to use the X509_STORE |
|
object is available. Not all members of the X509_STORE are used when |
|
the verification takes place. So will e.g. the verify_callback() be |
|
overridden with the verify_callback() set via the |
|
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions. |
|
This document must therefore be updated when documentation about the |
|
X509_STORE object and its handling becomes available. |
|
|
|
=head1 RETURN VALUES |
|
|
|
SSL_CTX_set_cert_store() does not return diagnostic output. |
|
|
|
SSL_CTX_get_cert_store() returns the current setting. |
|
|
|
=head1 SEE ALSO |
|
|
|
L<ssl(3)|ssl(3)>, |
|
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, |
|
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> |
|
|
|
=cut
|
|
|