=pod

=head1 NAME

SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
verification or chain store

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
 int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
 int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);

 int SSL_set0_verify_cert_store(SSL *ssl, X509_STORE *st);
 int SSL_set1_verify_cert_store(SSL *ssl, X509_STORE *st);
 int SSL_set0_chain_cert_store(SSL *ssl, X509_STORE *st);
 int SSL_set1_chain_cert_store(SSL *ssl, X509_STORE *st);

=head1 DESCRIPTION

SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store()
set the certificate store used for certificate verification to B<st>.

SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store()
set the certificate store used for certificate chain building to B<st>.

SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(),
SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar
except they apply to SSL structure B<ssl>.

All these functions are implemented as macros. Those containing a B<1>
increment the reference count of the supplied store, so the caller keeps
its own reference and the store must be freed at some point after the
operation. Those containing a B<0> do not increment the reference count:
ownership of the supplied store passes to the SSL_CTX or SSL structure and
the store B<MUST NOT> be freed after the operation.

=head1 NOTES

The store pointers associated with an SSL_CTX structure are copied to any SSL
structures when SSL_new() is called. As a result SSL structures will not be
affected if the parent SSL_CTX store pointer is set to a new value.

The verification store is used to verify the certificate chain sent by the
peer: that is, an SSL/TLS client will use the verification store to verify
the server's certificate chain and an SSL/TLS server will use it to verify
any client certificate chain.

The chain store is used to build the certificate chain.

If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
configured already (for example using functions such as
L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> or
L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>) then
automatic chain building is disabled.

If the chain or the verification store is not set then the store associated
with the parent SSL_CTX is used instead to retain compatibility with previous
versions of OpenSSL.

=head1 RETURN VALUES

All these functions return 1 for success and 0 for failure.

=head1 SEE ALSO

L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)>,
L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)>,
L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)>,
L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>,
L<SSL_set0_chain(3)|SSL_set0_chain(3)>,
L<SSL_set1_chain(3)|SSL_set1_chain(3)>,
L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)>,
L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>,
L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)>,
L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)>

=head1 HISTORY

These functions were first added to OpenSSL 1.0.2.

=cut