1289848Sjkim=pod 2289848Sjkim 3289848Sjkim=head1 NAME 4289848Sjkim 5289848SjkimSSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, 6289848SjkimSSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, 7289848SjkimSSL_set0_verify_cert_store, SSL_set1_verify_cert_store, 8289848SjkimSSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate 9289848Sjkimverification or chain store 10289848Sjkim 11289848Sjkim=head1 SYNOPSIS 12289848Sjkim 13289848Sjkim #include <openssl/ssl.h> 14289848Sjkim 15289848Sjkim int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 16289848Sjkim int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 17289848Sjkim int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 18289848Sjkim int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 19289848Sjkim 20295009Sjkim int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); 21295009Sjkim int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); 22295009Sjkim int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); 23295009Sjkim int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); 24289848Sjkim 25289848Sjkim=head1 DESCRIPTION 26289848Sjkim 27289848SjkimSSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() 28289848Sjkimset the certificate store used for certificate verification to B<st>. 29289848Sjkim 30289848SjkimSSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() 31289848Sjkimset the certificate store used for certificate chain building to B<st>. 32289848Sjkim 33289848SjkimSSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), 34289848SjkimSSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar 35289848Sjkimexcept they apply to SSL structure B<ssl>. 36289848Sjkim 37289848SjkimAll these functions are implemented as macros. Those containing a B<1> 38289848Sjkimincrement the reference count of the supplied store so it must 39289848Sjkimbe freed at some point after the operation. Those containing a B<0> do 40289848Sjkimnot increment reference counts and the supplied store B<MUST NOT> be freed 41289848Sjkimafter the operation. 42289848Sjkim 43289848Sjkim=head1 NOTES 44289848Sjkim 45289848SjkimThe stores pointers associated with an SSL_CTX structure are copied to any SSL 46289848Sjkimstructures when SSL_new() is called. As a result SSL structures will not be 47289848Sjkimaffected if the parent SSL_CTX store pointer is set to a new value. 48289848Sjkim 49289848SjkimThe verification store is used to verify the certificate chain sent by the 50289848Sjkimpeer: that is an SSL/TLS client will use the verification store to verify 51289848Sjkimthe server's certificate chain and a SSL/TLS server will use it to verify 52289848Sjkimany client certificate chain. 53289848Sjkim 54289848SjkimThe chain store is used to build the certificate chain. 55289848Sjkim 56289848SjkimIf the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 57289848Sjkimconfigured already (for example using the functions such as 58289848SjkimL<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> or 59289848SjkimL<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>) then 60289848Sjkimautomatic chain building is disabled. 61289848Sjkim 62289848SjkimIf the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building 63289848Sjkimis disabled. 64289848Sjkim 65289848SjkimIf the chain or the verification store is not set then the store associated 66289848Sjkimwith the parent SSL_CTX is used instead to retain compatibility with previous 67289848Sjkimversions of OpenSSL. 68289848Sjkim 69289848Sjkim=head1 RETURN VALUES 70289848Sjkim 71289848SjkimAll these functions return 1 for success and 0 for failure. 72289848Sjkim 73289848Sjkim=head1 SEE ALSO 74289848Sjkim 75289848SjkimL<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> 76289848SjkimL<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> 77289848SjkimL<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> 78289848SjkimL<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> 79289848SjkimL<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> 80289848SjkimL<SSL_set0_chain(3)|SSL_set0_chain(3)> 81289848SjkimL<SSL_set1_chain(3)|SSL_set1_chain(3)> 82289848SjkimL<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> 83289848SjkimL<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> 84289848SjkimL<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> 85289848SjkimL<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> 86289848Sjkim 87289848Sjkim=head1 HISTORY 88289848Sjkim 89289848SjkimThese functions were first added to OpenSSL 1.0.2. 90289848Sjkim 91289848Sjkim=cut 92