SSL_CTX_set_cert_store.pod revision 160814
=pod

=head1 NAME

SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
of B<ctx> to/with B<store>. If another X509_STORE object is currently
set in B<ctx>, it will be X509_STORE_free()ed.

SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.

=head1 NOTES

In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.

Typically the trusted certificate store is handled indirectly by using
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
it is possible to manipulate the X509_STORE object beyond the
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
call.

Currently no detailed documentation on how to use the X509_STORE
object is available. Not all members of the X509_STORE are used when
the verification takes place. For example, the verify_callback() of the
X509_STORE is overridden by the verify_callback() set via the
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
This document must therefore be updated when documentation about the
X509_STORE object and its handling becomes available.

=head1 RETURN VALUES

SSL_CTX_set_cert_store() does not return diagnostic output.

SSL_CTX_get_cert_store() returns the current setting.

=head1 SEE ALSO

L<ssl(3)|ssl(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>

=cut