SSL_CTX_set_cert_store.pod revision 89837
1=pod 2 3=head1 NAME 4 5SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); 12 X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx); 13 14=head1 DESCRIPTION 15 16SSL_CTX_set_cert_store() sets/replaces the certificate verification storage 17of B<ctx> to/with B<store>. If another X505_STORE object is currently 18set in B<ctx>, it will be X509_STORE_free()ed. 19 20SSL_CTX_get_cert_store() returns a pointer to the current certificate 21verification storage. 22 23=head1 NOTES 24 25In order to verify the certificates presented by the peer, trusted CA 26certificates must be accessed. These CA certificates are made available 27via lookup methods, handled inside the X509_STORE. From the X509_STORE 28the X509_STORE_CTX used when verifying certificates is created. 29 30Typically the trusted certificate store is handled indirectly via using 31L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. 32Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions 33it is possible to manipulate the X509_STORE object beyond the 34L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 35call. 36 37Currently no detailed documentation on how to use the X509_STORE 38object is available. Not all members of the X509_STORE are used when 39the verification takes place. So will e.g. the verify_callback() be 40overridden with the verify_callback() set via the 41L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions. 42This document must therefore be updated when documentation about the 43X509_STORE object and its handling becomes available. 44 45=head1 RETURN VALUES 46 47SSL_CTX_set_cert_store() does not return diagnostic output. 48 49SSL_CTX_get_cert_store() returns the current setting. 50 51=head1 SEE ALSO 52 53L<ssl(3)|ssl(3)>, 54L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, 55L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> 56 57=cut 58