NAME
X509_STORE_CTX_new
,
X509_STORE_CTX_cleanup
,
X509_STORE_CTX_free
,
X509_STORE_CTX_init
,
X509_STORE_CTX_trusted_stack
,
X509_STORE_CTX_set_cert
,
X509_STORE_CTX_set_chain
,
X509_STORE_CTX_set0_crls
,
X509_STORE_CTX_get0_param
,
X509_STORE_CTX_set0_param
,
X509_STORE_CTX_set_default
—
X509_STORE_CTX
initialisation
SYNOPSIS
#include
<openssl/x509_vfy.h>
X509_STORE_CTX *
X509_STORE_CTX_new
(void);
void
X509_STORE_CTX_cleanup
(X509_STORE_CTX
*ctx);
void
X509_STORE_CTX_free
(X509_STORE_CTX
*ctx);
int
X509_STORE_CTX_init
(X509_STORE_CTX
*ctx, X509_STORE *store, X509
*x509, STACK_OF(X509) *chain);
void
X509_STORE_CTX_trusted_stack
(X509_STORE_CTX
*ctx, STACK_OF(X509) *sk);
void
X509_STORE_CTX_set_cert
(X509_STORE_CTX
*ctx, X509 *x);
void
X509_STORE_CTX_set_chain
(X509_STORE_CTX
*ctx, STACK_OF(X509) *sk);
void
X509_STORE_CTX_set0_crls
(X509_STORE_CTX
*ctx, STACK_OF(X509_CRL) *sk);
X509_VERIFY_PARAM *
X509_STORE_CTX_get0_param
(X509_STORE_CTX
*ctx);
void
X509_STORE_CTX_set0_param
(X509_STORE_CTX
*ctx, X509_VERIFY_PARAM *param);
int
X509_STORE_CTX_set_default
(X509_STORE_CTX
*ctx, const char *name);
DESCRIPTION
These functions initialise an X509_STORE_CTX structure for subsequent use by X509_verify_cert(3).
X509_STORE_CTX_new
()
returns a newly initialised X509_STORE_CTX
structure.
X509_STORE_CTX_cleanup
()
internally cleans up an X509_STORE_CTX structure. The
context can then be reused with a new call to
X509_STORE_CTX_init
().
X509_STORE_CTX_free
()
completely frees up ctx. After this call
ctx is no longer valid. If ctx
is a NULL
pointer, no action occurs.
X509_STORE_CTX_init
()
sets up ctx for a subsequent verification operation.
The trusted certificate store is set to store, the end
entity certificate to be verified is set to x509 and a
set of additional certificates (which will be untrusted but may be used to
build the chain) in chain. Any or all of the
store, x509, and
chain parameters can be
NULL
.
X509_STORE_CTX_trusted_stack
()
sets the set of trusted certificates of ctx to
sk. This is an alternative way of specifying trusted
certificates instead of using an X509_STORE.
X509_STORE_CTX_set_cert
()
sets the certificate to be verified in ctx to
x.
X509_STORE_CTX_set_chain
()
sets the additional certificate chain used by ctx to
sk.
X509_STORE_CTX_set0_crls
()
sets a set of CRLs to use to aid certificate verification to
sk. These CRLs will only be used if CRL verification
is enabled in the associated X509_VERIFY_PARAM
structure. This might be used where additional "useful" CRLs are
supplied as part of a protocol, for example in a PKCS#7 structure.
X509_STORE_CTX_get0_param
()
retrieves an internal pointer to the verification parameters associated with
ctx.
X509_STORE_CTX_set0_param
()
sets the internal verification parameter pointer to
param. After this call param
should not be used.
X509_STORE_CTX_set_default
()
looks up and sets the default verification method to
name. This uses the function
X509_VERIFY_PARAM_lookup
()
to find an appropriate set of parameters from
name.
The certificates and CRLs in a store are used internally and should not be freed up until after the associated X509_STORE_CTX is freed. Legacy applications might implicitly use an X509_STORE_CTX like this:
X509_STORE_CTX ctx; X509_STORE_CTX_init(&ctx, store, cert, chain);
This is not recommended in new applications. They should instead do:
X509_STORE_CTX *ctx; ctx = X509_STORE_CTX_new(); if (ctx == NULL) /* Bad error */ X509_STORE_CTX_init(ctx, store, cert, chain);
RETURN VALUES
X509_STORE_CTX_new
() returns a newly
allocated context or NULL
if an error occurred.
X509_STORE_CTX_init
() returns 1 for
success or 0 if an error occurred.
X509_STORE_CTX_get0_param
() returns a
pointer to an X509_VERIFY_PARAM structure or
NULL
if an error occurred.
X509_STORE_CTX_cleanup
(),
X509_STORE_CTX_free
(),
X509_STORE_CTX_trusted_stack
(),
X509_STORE_CTX_set_cert
(),
X509_STORE_CTX_set_chain
(),
X509_STORE_CTX_set0_crls
(), and
X509_STORE_CTX_set0_param
() do not return
values.
X509_STORE_CTX_set_default
() returns 1 for
success or 0 if an error occurred.
SEE ALSO
HISTORY
X509_STORE_CTX_set0_crls
() was first added
to OpenSSL 1.0.0.
BUGS
The certificates and CRLs in a context are used internally and should not be freed up until after the associated X509_STORE_CTX is freed. Copies should be made or reference counts increased instead.