.\" $OpenBSD: X509_STORE_load_locations.3,v 1.7 2021/03/12 05:18:00 jsg Exp $
.\" full merge up to:
.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
.\"
.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 12 2021 $
.Dt X509_STORE_LOAD_LOCATIONS 3
.Os
.Sh NAME
.Nm X509_STORE_load_locations ,
.Nm X509_STORE_set_default_paths
.Nd configure files and directories used by a certificate store
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_STORE_load_locations
.Fa "X509_STORE *store"
.Fa "const char *file"
.Fa "const char *dirs"
.Fc
.Ft int
.Fo X509_STORE_set_default_paths
.Fa "X509_STORE *store"
.Fc
.Sh DESCRIPTION
.Fn X509_STORE_load_locations
instructs the
.Fa store
to use the PEM file
.Fa file
and all the PEM files in the directories
contained in the colon-separated list
.Fa dirs
for looking up certificates, in addition to files and directories
that are already configured.
The certificates in the directories must be in hashed form, as documented in
.Xr X509_LOOKUP_hash_dir 3 .
Directories already in use are not added again.
If
.Dv NULL
is passed for
.Fa file
or
.Fa dirs ,
no new file or no new directories are added, respectively.
.Pp
.Fn X509_STORE_load_locations
is identical to
.Xr SSL_CTX_load_verify_locations 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Pp
.Fn X509_STORE_set_default_paths
is similar except that it instructs the
.Fa store
to use the default PEM file and directory
(as documented in
.Sx FILES )
in addition to what is already configured.
It ignores errors that occur while trying to load the file or to
add the directory, but it may still fail for other reasons, for
example when out of memory while trying to allocate the required
.Vt X509_LOOKUP
objects.
.Pp
.Fn X509_STORE_set_default_paths
is identical to
.Xr SSL_CTX_set_default_verify_paths 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Sh RETURN VALUES
.Fn X509_STORE_load_locations
returns 1 if all files and directories specified were successfully
added.
It returns 0 for failure.
That can happen if adding the file failed, if adding any of the
directories failed, or if both arguments were
.Dv NULL .
.Pp
.Fn X509_STORE_set_default_paths
returns 0 for some error conditions and 1 otherwise, not just for
success, but also for various cases of failure.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssl/cert.pem
default PEM file for
.Fn X509_STORE_set_default_paths
.It Pa /etc/ssl/certs/
default directory for
.Fn X509_STORE_set_default_paths
.El
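.Sh EXAMPLES
The following added example, which is not part of the original manual
or of LibreSSL, checks every directory in a colon-separated
.Fa dirs
list for hashed file names before the list is handed to
.Fn X509_STORE_load_locations ,
since a directory without them cannot supply certificates to lookups.
The helper names
.Fn is_hashed_name
and
.Fn audit_hashed_dirs
are hypothetical, and the name pattern (eight lowercase hex digits,
a dot, an optional r for CRLs, a sequence number) is assumed from
.Xr X509_LOOKUP_hash_dir 3 .
.Bd -literal
```c
/* Added example, not LibreSSL code; helper names are hypothetical. */
#include <ctype.h>
#include <dirent.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if name has the hashed form assumed from X509_LOOKUP_hash_dir(3):
 * 8 lowercase hex digits, '.', optional 'r' (CRL), decimal sequence number. */
int is_hashed_name(const char *name)
{
	size_t i;
	for (i = 0; i < 8; i++)
		if (name[i] == '\0' || strchr("0123456789abcdef", name[i]) == NULL)
			return 0;
	if (name[i++] != '.')
		return 0;
	if (name[i] == 'r')
		i++;
	if (!isdigit((unsigned char)name[i]))
		return 0;
	while (isdigit((unsigned char)name[i]))
		i++;
	return name[i] == '\0';
}

/* Count the entries of the colon-separated list dirs that cannot be opened
 * or hold no hashed file names; a NULL list yields 0. */
int audit_hashed_dirs(const char *dirs)
{
	char path[1024];
	const char *p, *end;
	struct dirent *de;
	DIR *d;
	int hashed, bad = 0;
	for (p = dirs; p != NULL; p = *end ? end + 1 : NULL) {
		end = p + strcspn(p, ":");
		hashed = 0;
		snprintf(path, sizeof(path), "%.*s", (int)(end - p), p);
		if ((size_t)(end - p) < sizeof(path) && (d = opendir(path)) != NULL) {
			while ((de = readdir(d)) != NULL)
				hashed += is_hashed_name(de->d_name);
			closedir(d);
		}
		if (hashed == 0) {
			fprintf(stderr, "%s: no hashed entries\n", path);
			bad++;
		}
	}
	return bad;
}
```
.Ed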
.Sh SEE ALSO
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr X509_LOOKUP_hash_dir 3 ,
.Xr X509_STORE_new 3 ,
.Xr X509_STORE_set1_param 3 ,
.Xr X509_STORE_set_verify_cb 3
.Sh HISTORY
.Fn X509_STORE_load_locations
and
.Fn X509_STORE_set_default_paths
first appeared in SSLeay 0.8.0 and have been available since
.Ox 2.4 .
.Sh BUGS
By the time that adding a directory is found to have failed,
the file and some other directories may already have been successfully loaded,
so these functions may change the state of the store even when they fail.
.Pp
.Fn X509_STORE_set_default_paths
clears the error queue, deleting even error information that was
already present when it was called.
129