=pod

=head1 NAME

SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
of B<ctx> to/with B<store>. If another X509_STORE object is currently
set in B<ctx>, it will be X509_STORE_free()ed.

SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.

=head1 NOTES

In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. The X509_STORE_CTX
used when verifying certificates is created from the X509_STORE.

Typically the trusted certificate store is handled indirectly by using
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond the
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
call.

Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. For example, the verify_callback() is
overridden by the verify_callback() set via the
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.

=head1 RESTRICTIONS

The X509_STORE structure used by an SSL_CTX is used for verifying peer
certificates and building certificate chains; it is also shared by
every child SSL structure. Applications wanting finer control can use
functions such as SSL_CTX_set1_verify_cert_store() instead.

=head1 RETURN VALUES

SSL_CTX_set_cert_store() does not return diagnostic output.

SSL_CTX_get_cert_store() returns the current setting.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>

=cut