1=pod 2 3=head1 NAME 4 5SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, 6SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, 7SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, 8SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate 9verification or chain store 10 11=head1 SYNOPSIS 12 13 #include <openssl/ssl.h> 14 15 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 16 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 17 int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 18 int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 19 20 int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); 21 int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); 22 int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); 23 int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); 24 25=head1 DESCRIPTION 26 27SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() 28set the certificate store used for certificate verification to B<st>. 29 30SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() 31set the certificate store used for certificate chain building to B<st>. 32 33SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), 34SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar 35except they apply to SSL structure B<ssl>. 36 37All these functions are implemented as macros. Those containing a B<1> 38increment the reference count of the supplied store so it must 39be freed at some point after the operation. Those containing a B<0> do 40not increment reference counts and the supplied store B<MUST NOT> be freed 41after the operation. 42 43=head1 NOTES 44 45The stores pointers associated with an SSL_CTX structure are copied to any SSL 46structures when SSL_new() is called. As a result SSL structures will not be 47affected if the parent SSL_CTX store pointer is set to a new value. 48 49The verification store is used to verify the certificate chain sent by the 50peer: that is an SSL/TLS client will use the verification store to verify 51the server's certificate chain and a SSL/TLS server will use it to verify 52any client certificate chain. 53 54The chain store is used to build the certificate chain. 55Details of the chain building and checking process are described in 56L<openssl-verification-options(1)/Certification Path Building> and 57L<openssl-verification-options(1)/Certification Path Validation>. 58 59If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 60configured already (for example using the functions such as 61L<SSL_CTX_add1_chain_cert(3)> or 62L<SSL_CTX_add_extra_chain_cert(3)>) then 63automatic chain building is disabled. 64 65If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building 66is disabled. 67 68If the chain or the verification store is not set then the store associated 69with the parent SSL_CTX is used instead to retain compatibility with previous 70versions of OpenSSL. 71 72=head1 RETURN VALUES 73 74All these functions return 1 for success and 0 for failure. 75 76=head1 SEE ALSO 77 78L<ssl(7)>, 79L<SSL_CTX_add_extra_chain_cert(3)> 80L<SSL_CTX_set0_chain(3)> 81L<SSL_CTX_set1_chain(3)> 82L<SSL_CTX_add0_chain_cert(3)> 83L<SSL_CTX_add1_chain_cert(3)> 84L<SSL_set0_chain(3)> 85L<SSL_set1_chain(3)> 86L<SSL_add0_chain_cert(3)> 87L<SSL_add1_chain_cert(3)> 88L<SSL_CTX_build_cert_chain(3)> 89L<SSL_build_cert_chain(3)> 90 91=head1 HISTORY 92 93These functions were added in OpenSSL 1.0.2. 94 95=head1 COPYRIGHT 96 97Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved. 98 99Licensed under the Apache License 2.0 (the "License"). You may not use 100this file except in compliance with the License. You can obtain a copy 101in the file LICENSE in the source distribution or at 102L<https://www.openssl.org/source/license.html>. 103 104=cut 105