1=pod 2 3=head1 NAME 4 5SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, 6SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, 7SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, 8SSL_set0_chain_cert_store, SSL_set1_chain_cert_store, 9SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store, 10SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate 11verification or chain store 12 13=head1 SYNOPSIS 14 15 #include <openssl/ssl.h> 16 17 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 18 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 19 int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 20 int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 21 int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st); 22 int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st); 23 24 int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); 25 int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); 26 int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); 27 int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); 28 int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st); 29 int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st); 30 31=head1 DESCRIPTION 32 33SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() 34set the certificate store used for certificate verification to B<st>. 35 36SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() 37set the certificate store used for certificate chain building to B<st>. 38 39SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), 40SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar 41except they apply to SSL structure B<ssl>. 42 43SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), 44SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the 45objects previously set via the above calls. A pointer to the object (or NULL if 46no such object has been set) is written to B<*st>. 47 48All these functions are implemented as macros. Those containing a B<1> 49increment the reference count of the supplied store so it must 50be freed at some point after the operation. Those containing a B<0> do 51not increment reference counts and the supplied store B<MUST NOT> be freed 52after the operation. 53 54=head1 NOTES 55 56The stores pointers associated with an SSL_CTX structure are copied to any SSL 57structures when SSL_new() is called. As a result SSL structures will not be 58affected if the parent SSL_CTX store pointer is set to a new value. 59 60The verification store is used to verify the certificate chain sent by the 61peer: that is an SSL/TLS client will use the verification store to verify 62the server's certificate chain and a SSL/TLS server will use it to verify 63any client certificate chain. 64 65The chain store is used to build the certificate chain. 66Details of the chain building and checking process are described in 67L<openssl-verification-options(1)/Certification Path Building> and 68L<openssl-verification-options(1)/Certification Path Validation>. 69 70If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 71configured already (for example using the functions such as 72L<SSL_CTX_add1_chain_cert(3)> or 73L<SSL_CTX_add_extra_chain_cert(3)>) then 74automatic chain building is disabled. 75 76If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building 77is disabled. 78 79If the chain or the verification store is not set then the store associated 80with the parent SSL_CTX is used instead to retain compatibility with previous 81versions of OpenSSL. 82 83=head1 RETURN VALUES 84 85All these functions return 1 for success and 0 for failure. 86 87=head1 SEE ALSO 88 89L<ssl(7)>, 90L<SSL_CTX_add_extra_chain_cert(3)> 91L<SSL_CTX_set0_chain(3)> 92L<SSL_CTX_set1_chain(3)> 93L<SSL_CTX_add0_chain_cert(3)> 94L<SSL_CTX_add1_chain_cert(3)> 95L<SSL_set0_chain(3)> 96L<SSL_set1_chain(3)> 97L<SSL_add0_chain_cert(3)> 98L<SSL_add1_chain_cert(3)> 99L<SSL_CTX_build_cert_chain(3)> 100L<SSL_build_cert_chain(3)> 101 102=head1 HISTORY 103 104These functions were added in OpenSSL 1.0.2. 105 106=head1 COPYRIGHT 107 108Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved. 109 110Licensed under the Apache License 2.0 (the "License"). You may not use 111this file except in compliance with the License. You can obtain a copy 112in the file LICENSE in the source distribution or at 113L<https://www.openssl.org/source/license.html>. 114 115=cut 116