OpenBSD manual page server

Manual Page Search Parameters

X509_STORE_SET1_PARAM(3) Library Functions Manual X509_STORE_SET1_PARAM(3)

X509_STORE_set1_param, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_set_depth, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_get0_param, X509_STORE_get1_objects, X509_STORE_get0_objects, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_dataget and set X509_STORE data

#include <openssl/x509_vfy.h>

X509_STORE_set1_param(X509_STORE *store, X509_VERIFY_PARAM *pm);

X509_STORE_set_flags(X509_STORE *store, unsigned long flags);

X509_STORE_set_purpose(X509_STORE *store, int purpose);

X509_STORE_set_trust(X509_STORE *store, int trust);

X509_STORE_set_depth(X509_STORE *store, int depth);

X509_STORE_add_cert(X509_STORE *store, X509 *x);

X509_STORE_add_crl(X509_STORE *store, X509_CRL *crl);

X509_STORE_get0_param(X509_STORE *store);

X509_STORE_get1_objects(X509_STORE *store);

X509_STORE_get0_objects(X509_STORE *store);

X509_STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);

X509_STORE_set_ex_data(X509_STORE *store, int idx, void *arg);

void *
X509_STORE_get_ex_data(X509_STORE *store, int idx);

() copies the verification parameters from pm using X509_VERIFY_PARAM_set1(3) into the verification parameter object contained in the store.

(), (), (), and () call X509_VERIFY_PARAM_set_flags(), (), (), and () on the verification parameter object contained in the store.

() and () add the certificate x or the certificate revocation list crl to the store, increasing its reference count by 1 in case of success. Untrusted objects should not be added in this way.

(), (), and () handle application specific data in X509_STORE objects. Their usage is identical to that of RSA_get_ex_new_index(3), RSA_set_ex_data(3), and RSA_get_ex_data(3). X509_STORE_get_ex_new_index() is implemented as a macro.

X509_STORE_set1_param(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set_ex_data() return 1 for success or 0 for failure.

X509_STORE_set_flags() and X509_STORE_set_depth() always return 1, indicating success.

X509_STORE_add_cert() and X509_STORE_add_crl() return 1 for success or 0 for failure. For example, they fail if x or crl is a NULL pointer, if a certificate with the same subject name as x or a revocation list with the same issuer name as crl are already contained in the store, or if memory allocation fails.

X509_STORE_get0_param() returns an internal pointer to the verification parameter object contained in the store. The returned pointer must not be freed by the calling application.

X509_STORE_get1_objects() returns a newly allocated stack containing the certificates, revocation lists, and private keys in store, as well as cached objects added by X509_LOOKUP_hash_dir(3). The caller must release the result with sk_pop_free(3) and X509_OBJECT_free(3) when done.

X509_STORE_get0_objects() is a deprecated function returning an internal pointer to the stack of certificates, revocation lists, and private keys contained in store. The returned pointer must not be modified or freed by the calling application. This function is not thread-safe. If store is shared across multiple threads, callers cannot safely inspect the result of this function, because another thread may have concurrently added to it. In particular, X509_LOOKUP_hash_dir(3) treats this list as a cache and may add to it in the course of certificate verification.

X509_STORE_get_ex_new_index() returns a new index or -1 on failure.

X509_STORE_get_ex_data() returns the application data or NULL on failure.

RSA_get_ex_new_index(3), SSL_set1_param(3), X509_LOOKUP_new(3), X509_OBJECT_get0_X509(3), X509_STORE_CTX_set0_param(3), X509_STORE_load_locations(3), X509_STORE_new(3), X509_VERIFY_PARAM_new(3), X509_VERIFY_PARAM_set_flags(3)

X509_STORE_add_cert() first appeared in SSLeay 0.8.0. X509_STORE_add_crl() first appeared in SSLeay 0.9.0. These functions have been available since OpenBSD 2.4.

X509_STORE_set_flags(), X509_STORE_set_purpose(), and X509_STORE_set_trust() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.

X509_STORE_set1_param() and X509_STORE_set_depth() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.

X509_STORE_get0_param(), X509_STORE_get0_objects(), X509_STORE_get_ex_new_index(), X509_STORE_set_ex_data(), and X509_STORE_get_ex_data() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.

X509_STORE_get1_objects() first appeared in BoringSSL and has been available since OpenBSD 7.5.

March 14, 2024 OpenBSD-current