| X509_STORE_CTX_new.pod (1.1.1.7) | X509_STORE_CTX_new.pod (1.1.1.8) |
|---|---|
| 1=pod 2 3=head1 NAME 4 5X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup, 6X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, 7X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, 8X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, --- 163 unchanged lines hidden (view full) --- 172held alongside it. This "meta" information is associated with the certificate 173after it is issued and could be determined by a system administrator. For 174example a certificate might declare that it is suitable for use for both 175"TLS WWW Server Authentication" and "TLS Client Authentication", but a system 176administrator might only trust it for the former. An X.509 certificate extension 177exists that can record extended key usage information to supplement the purpose 178information described above. This extended mechanism is arbitrarily extensible 179and not well suited for a generic library API; applications that need to | 1=pod 2 3=head1 NAME 4 5X509_STORE_CTX_new_ex, X509_STORE_CTX_new, X509_STORE_CTX_cleanup, 6X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, 7X509_STORE_CTX_set_cert, X509_STORE_CTX_set0_crls, 8X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, --- 163 unchanged lines hidden (view full) --- 172held alongside it. This "meta" information is associated with the certificate 173after it is issued and could be determined by a system administrator. For 174example a certificate might declare that it is suitable for use for both 175"TLS WWW Server Authentication" and "TLS Client Authentication", but a system 176administrator might only trust it for the former. An X.509 certificate extension 177exists that can record extended key usage information to supplement the purpose 178information described above. This extended mechanism is arbitrarily extensible 179and not well suited for a generic library API; applications that need to |
| 180validate extended key usage information in certifiates will need to define a | 180validate extended key usage information in certificates will need to define a |
| 181custom "purpose" (see below) or supply a nondefault verification callback 182(L<X509_STORE_set_verify_cb_func(3)>). 183 184X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being 185verified in the I<ctx>. Built-in available values for the I<purpose> argument 186are B<X509_PURPOSE_SSL_CLIENT>, B<X509_PURPOSE_SSL_SERVER>, 187B<X509_PURPOSE_NS_SSL_SERVER>, B<X509_PURPOSE_SMIME_SIGN>, 188B<X509_PURPOSE_SMIME_ENCRYPT>, B<X509_PURPOSE_CRL_SIGN>, B<X509_PURPOSE_ANY>, --- 79 unchanged lines hidden (view full) --- 268The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. 269The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. 270The X509_STORE_CTX_new_ex() function was added in OpenSSL 3.0. 271 272There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0. 273 274=head1 COPYRIGHT 275 | 181custom "purpose" (see below) or supply a nondefault verification callback 182(L<X509_STORE_set_verify_cb_func(3)>). 183 184X509_STORE_CTX_set_purpose() sets the purpose for the target certificate being 185verified in the I<ctx>. Built-in available values for the I<purpose> argument 186are B<X509_PURPOSE_SSL_CLIENT>, B<X509_PURPOSE_SSL_SERVER>, 187B<X509_PURPOSE_NS_SSL_SERVER>, B<X509_PURPOSE_SMIME_SIGN>, 188B<X509_PURPOSE_SMIME_ENCRYPT>, B<X509_PURPOSE_CRL_SIGN>, B<X509_PURPOSE_ANY>, --- 79 unchanged lines hidden (view full) --- 268The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0. 269The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0. 270The X509_STORE_CTX_new_ex() function was added in OpenSSL 3.0. 271 272There is no need to call X509_STORE_CTX_cleanup() explicitly since OpenSSL 3.0. 273 274=head1 COPYRIGHT 275 |
| 276Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. | 276Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. |
| 277 278Licensed under the Apache License 2.0 (the "License"). You may not use 279this file except in compliance with the License. You can obtain a copy 280in the file LICENSE in the source distribution or at 281L<https://www.openssl.org/source/license.html>. 282 283=cut | 277 278Licensed under the Apache License 2.0 (the "License"). You may not use 279this file except in compliance with the License. You can obtain a copy 280in the file LICENSE in the source distribution or at 281L<https://www.openssl.org/source/license.html>. 282 283=cut |