-</code></pre></div><h2 id=description>DESCRIPTION<a class=headerlink href=#description title="Permanent link">¶</a></h2><p>SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() set the certificate store used for certificate verification to <strong>st</strong>.</p><p>SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() set the certificate store used for certificate chain building to <strong>st</strong>.</p><p>SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar except they apply to SSL structure <strong>ssl</strong>.</p><p>SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(), SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the objects previously set via the above calls. A pointer to the object (or NULL if no such object has been set) is written to <strong>*st</strong>.</p><p>All these functions are implemented as macros. Those containing a <strong>1</strong> increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a <strong>0</strong> do not increment reference counts and the supplied store <strong>MUST NOT</strong> be freed after the operation.</p><h2 id=notes>NOTES<a class=headerlink href=#notes title="Permanent link">¶</a></h2><p>The stores pointers associated with an SSL_CTX structure are copied to any SSL structures when SSL_new() is called. As a result SSL structures will not be affected if the parent SSL_CTX store pointer is set to a new value.</p><p>The verification store is used to verify the certificate chain sent by the peer: that is an SSL/TLS client will use the verification store to verify the server's certificate chain and a SSL/TLS server will use it to verify any client certificate chain.</p><p>The chain store is used to build the certificate chain. 
Details of the chain building and checking process are described in <a href=../../man1/openssl-verification-options/ >"Certification Path Building" in openssl-verification-options(1)</a> and <a href=../../man1/openssl-verification-options/ >"Certification Path Validation" in openssl-verification-options(1)</a>.</p><p>If the mode <strong>SSL_MODE_NO_AUTO_CHAIN</strong> is set or a certificate chain is configured already (for example using the functions such as <a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_add1_chain_cert(3)</a> or <a href=../SSL_CTX_add_extra_chain_cert/ >SSL_CTX_add_extra_chain_cert(3)</a>) then automatic chain building is disabled.</p><p>If the mode <strong>SSL_MODE_NO_AUTO_CHAIN</strong> is set then automatic chain building is disabled.</p><p>If the chain or the verification store is not set then the store associated with the parent SSL_CTX is used instead to retain compatibility with previous versions of OpenSSL.</p><h2 id=return-values>RETURN VALUES<a class=headerlink href=#return-values title="Permanent link">¶</a></h2><p>All these functions return 1 for success and 0 for failure.</p><h2 id=see-also>SEE ALSO<a class=headerlink href=#see-also title="Permanent link">¶</a></h2><p><a href=../../man7/ossl-guide-libssl-introduction/ >ssl(7)</a>, <a href=../SSL_CTX_add_extra_chain_cert/ >SSL_CTX_add_extra_chain_cert(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_set0_chain(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_set1_chain(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_add0_chain_cert(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_add1_chain_cert(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_set0_chain(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_set1_chain(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_add0_chain_cert(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_add1_chain_cert(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_CTX_build_cert_chain(3)</a><a href=../SSL_CTX_add1_chain_cert/ >SSL_build_cert_chain(3)</a></p><h2 
id=history>HISTORY<a class=headerlink href=#history title="Permanent link">¶</a></h2><p>These functions were added in OpenSSL 1.0.2.</p><h2 id=copyright>COPYRIGHT<a class=headerlink href=#copyright title="Permanent link">¶</a></h2><p>Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.</p><p>Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href=https://www.openssl.org/source/license.html>https://www.openssl.org/source/license.html</a>.</p></article></div><script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script></div></main><footer class=md-footer><div class="md-footer-meta md-typeset"><div class="md-footer-meta__inner md-grid"><div class=md-copyright> Made with <a href=https://squidfunk.github.io/mkdocs-material/ target=_blank rel=noopener> Material for MkDocs </a></div></div></div></footer></div><div class=md-dialog data-md-component=dialog><div class="md-dialog__inner md-typeset"></div></div><script id=__config type=application/json>{"base": "../..", "features": ["navigation.indexes", "navigation.instant", "navigation.path", "navigation.prune", "navigation.tabs", "navigation.tabs.sticky", "navigation.tracking", "search.suggest", "toc.follow"], "search": "../../assets/javascripts/workers/search.b8dbb3d2.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"default": "master", 
"provider": "mike"}}</script><script src=../../assets/javascripts/bundle.ad660dcc.min.js></script></body></html>
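Review bot: the NOTES text in this removed line says twice that automatic chain building is disabled when SSL_MODE_NO_AUTO_CHAIN is set: once in the paragraph that also covers an already configured chain, and again as a paragraph of its own. Since the line is generated, minified HTML, the second sentence should be dropped in the documentation source rather than patched here. In the same line, the DESCRIPTION spells the getters SSL_CTX_get0_verify_chain_store() and SSL_get0_verify_chain_store() while the setters use the verify_cert_store form, so the names should be checked against the SYNOPSIS. The SEE ALSO links after SSL_CTX_add_extra_chain_cert(3) also run together with no separator between them. If a regenerated version of the page replaces this line, confirm all three are fixed at the source so they are not carried over.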