.\" $OpenBSD: X509_STORE_load_locations.3,v 1.10 2021/11/12 14:05:28 schwarze Exp $
.\" full merge up to:
.\" OpenSSL X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
.\"
.\" Copyright (c) 2017, 2021 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 12 2021 $
.Dt X509_STORE_LOAD_LOCATIONS 3
.Os
.Sh NAME
.Nm X509_STORE_load_locations ,
.Nm X509_STORE_set_default_paths ,
.Nm X509_STORE_load_mem ,
.Nm X509_STORE_add_lookup
.Nd configure files and directories used by a certificate store
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_STORE_load_locations
.Fa "X509_STORE *store"
.Fa "const char *file"
.Fa "const char *dirs"
.Fc
.Ft int
.Fo X509_STORE_set_default_paths
.Fa "X509_STORE *store"
.Fc
.Ft int
.Fo X509_STORE_load_mem
.Fa "X509_STORE *store"
.Fa "void *buffer"
.Fa "int length"
.Fc
.Ft X509_LOOKUP *
.Fo X509_STORE_add_lookup
.Fa "X509_STORE *store"
.Fa "X509_LOOKUP_METHOD *method"
.Fc
.Sh DESCRIPTION
.Fn X509_STORE_load_locations
instructs the
.Fa store
to use the PEM
.Fa file
and all the PEM files in the directories
contained in the colon-separated list
.Fa dirs
for looking up certificates, in addition to files and directories
that are already configured.
The certificates in the directories must be in hashed form, as documented in
.Xr X509_LOOKUP_hash_dir 3 .
Directories already in use are not added again.
If
.Dv NULL
is passed for
.Fa file
or
.Fa dirs ,
no new file or no new directories are added, respectively.
.Pp
.Fn X509_STORE_load_locations
is identical to
.Xr SSL_CTX_load_verify_locations 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Pp
.Fn X509_STORE_set_default_paths
is similar except that it instructs the
.Fa store
to use the default PEM file and directory
(as documented in
.Sx FILES )
in addition to what is already configured.
It ignores errors that occur while trying to load the file or to
add the directory, but it may still fail for other reasons, for
example when out of memory while trying to allocate the required
.Vt X509_LOOKUP
objects.
.Pp
.Fn X509_STORE_set_default_paths
is identical to
.Xr SSL_CTX_set_default_verify_paths 3
except that it operates directly on an
.Vt X509_STORE
object, rather than on the store used by an SSL context.
See that manual page for more information.
.Pp
The above functions are wrappers around
.Xr X509_LOOKUP_load_file 3
and
.Xr X509_LOOKUP_add_dir 3 .
.Pp
.Fn X509_STORE_load_mem
instructs the
.Fa store
to use the certificates contained in the memory
.Fa buffer
of the given
.Fa length
for certificate lookup.
It is a wrapper around
.Xr X509_LOOKUP_add_mem 3 .
.Pp
.Fn X509_STORE_add_lookup
checks whether the
.Fa store
already contains an
.Vt X509_LOOKUP
object using the given
.Fa method ;
if it does, no action occurs.
Otherwise, a new
.Vt X509_LOOKUP
object is allocated, added, and returned.
This function is used internally by all the functions listed above.
.Sh RETURN VALUES
.Fn X509_STORE_load_locations
returns 1 if all files and directories specified were successfully
added.
It returns 0 for failure.
That can happen if adding the file failed, if adding any of the
directories failed, or if both arguments were
.Dv NULL .
.Pp
.Fn X509_STORE_set_default_paths
returns 0 for some error conditions and 1 otherwise, not just for
success, but also for various cases of failure.
.Pp
.Fn X509_STORE_load_mem
returns 1 for success or 0 for failure.
In particular, parse errors or lack of memory can cause failure.
.Pp
.Fn X509_STORE_add_lookup
returns the existing or new lookup object or
.Dv NULL
on failure.
With LibreSSL, the only reason for failure is lack of memory.
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssl/cert.pem
default PEM file for
.Fn X509_STORE_set_default_paths
.It Pa /etc/ssl/certs/
default directory for
.Fn X509_STORE_set_default_paths
.El
.Sh SEE ALSO
.Xr SSL_CTX_load_verify_locations 3 ,
.Xr X509_load_cert_file 3 ,
.Xr X509_LOOKUP_hash_dir 3 ,
.Xr X509_LOOKUP_new 3 ,
.Xr X509_STORE_new 3 ,
.Xr X509_STORE_set1_param 3 ,
.Xr X509_STORE_set_verify_cb 3
.Sh HISTORY
.Fn X509_STORE_load_locations ,
.Fn X509_STORE_set_default_paths ,
and
.Fn X509_STORE_add_lookup
first appeared in SSLeay 0.8.0 and have been available since
.Ox 2.4 .
.Pp
.Fn X509_STORE_load_mem
first appeared in
.Ox 5.7 .
.Sh BUGS
By the time that adding a directory is found to have failed,
the file and some other directories may already have been successfully loaded,
so these functions may change the state of the store even when they fail.
.Pp
.Fn X509_STORE_set_default_paths
clears the error queue, deleting even error information that was
already present when it was called.