1=pod 2 3=head1 NAME 4 5SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, 6SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, 7SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, 8SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, 9SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, 10SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate 11verification or chain store 12 13=head1 SYNOPSIS 14 15 #include <openssl/ssl.h> 16 17 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 18 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 19 int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 20 int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 21 int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); 22 int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); 23 24 int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); 25 int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); 26 int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); 27 int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); 28 int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); 29 int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); 30 31=head1 DESCRIPTION 32 33SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() 34set the certificate store used for certificate verification to B<st>. 35 36SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() 37set the certificate store used for certificate chain building to B<st>. 38 39SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), 40SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar 41except they apply to SSL structure B<ssl>. 42 43SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), 44SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the 45objects previously set via the above calls. A pointer to the object (or NULL if 46no such object has been set) is written to B<*st>. 47 48All these functions are implemented as macros. Those containing a B<1> 49increment the reference count of the supplied store so it must 50be freed at some point after the operation. Those containing a B<0> do 51not increment reference counts and the supplied store B<MUST NOT> be freed 52after the operation. 53 54=head1 NOTES 55 56The stores pointers associated with an SSL_CTX structure are copied to any SSL 57structures when SSL_new() is called. As a result SSL structures will not be 58affected if the parent SSL_CTX store pointer is set to a new value. 59 60The verification store is used to verify the certificate chain sent by the 61peer: that is an SSL/TLS client will use the verification store to verify 62the server's certificate chain and a SSL/TLS server will use it to verify 63any client certificate chain. 64 65The chain store is used to build the certificate chain. 66 67If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 68configured already (for example using the functions such as 69L<SSL_CTX_add1_chain_cert(3)> or 70L<SSL_CTX_add_extra_chain_cert(3)>) then 71automatic chain building is disabled. 72 73If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building 74is disabled. 75 76If the chain or the verification store is not set then the store associated 77with the parent SSL_CTX is used instead to retain compatibility with previous 78versions of OpenSSL. 79 80=head1 RETURN VALUES 81 82All these functions return 1 for success and 0 for failure. 83 84=head1 SEE ALSO 85 86L<SSL_CTX_add_extra_chain_cert(3)> 87L<SSL_CTX_set0_chain(3)> 88L<SSL_CTX_set1_chain(3)> 89L<SSL_CTX_add0_chain_cert(3)> 90L<SSL_CTX_add1_chain_cert(3)> 91L<SSL_set0_chain(3)> 92L<SSL_set1_chain(3)> 93L<SSL_add0_chain_cert(3)> 94L<SSL_add1_chain_cert(3)> 95L<SSL_CTX_build_cert_chain(3)> 96L<SSL_build_cert_chain(3)> 97 98=head1 HISTORY 99 100These functions were added in OpenSSL 1.0.2. 101 102=head1 COPYRIGHT 103 104Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. 105 106Licensed under the OpenSSL license (the "License"). You may not use 107this file except in compliance with the License. You can obtain a copy 108in the file LICENSE in the source distribution or at 109L<https://www.openssl.org/source/license.html>. 110 111=cut 112