Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: 30ab7af242
Branches Tags
openssl
/
doc
/
crypto
/
X509_STORE_CTX_new.pod

X509_STORE_CTX_new.pod 4.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX initialisation
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/x509_vfy.h>
    10. 

  10. 

  11.  X509_STORE_CTX *X509_STORE_CTX_new(void);
    12. 

  12.  void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
    13. 

  13.  void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
    14. 

  14. 

  15.  int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
    16. 

  16. 			 X509 *x509, STACK_OF(X509) *chain);
    17. 

  17. 

  18.  void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
    19. 

  19. 

  20.  void	X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
    21. 

  21.  void	X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
    22. 

  22.  void	X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
    23. 

  23. 

  24.  X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
    25. 

  25.  void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
    26. 

  26.  int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
    27. 

  27. 

  28. =head1 DESCRIPTION
    29. 

  29. 

  30. These functions initialise an B<X509_STORE_CTX> structure for subsequent use
    31. 

  31. by X509_verify_cert().
    32. 

  32. 

  33. X509_STORE_CTX_new() returns a newly initialised B<X509_STORE_CTX> structure.
    34. 

  34. 

  35. X509_STORE_CTX_cleanup() internally cleans up an B<X509_STORE_CTX> structure.
    36. 

  36. The context can then be reused with an new call to X509_STORE_CTX_init().
    37. 

  37. 

  38. X509_STORE_CTX_free() completely frees up B<ctx>. After this call B<ctx>
    39. 

  39. is no longer valid.
    40. 

  40. 

  41. X509_STORE_CTX_init() sets up B<ctx> for a subsequent verification operation.
    42. 

  42. The trusted certificate store is set to B<store>, the end entity certificate
    43. 

  43. to be verified is set to B<x509> and a set of additional certificates (which
    44. 

  44. will be untrusted but may be used to build the chain) in B<chain>. Any or
    45. 

  45. all of the B<store>, B<x509> and B<chain> parameters can be B<NULL>.
    46. 

  46. 

  47. X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of B<ctx>
    48. 

  48. to B<sk>. This is an alternative way of specifying trusted certificates 
    49. 

  49. instead of using an B<X509_STORE>.
    50. 

  50. 

  51. X509_STORE_CTX_set_cert() sets the certificate to be vertified in B<ctx> to
    52. 

  52. B<x>.
    53. 

  53. 

  54. X509_STORE_CTX_set_chain() sets the additional certificate chain used by B<ctx>
    55. 

  55. to B<sk>.
    56. 

  56. 

  57. X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
    58. 

  58. verification to B<sk>. These CRLs will only be used if CRL verification is
    59. 

  59. enabled in the associated B<X509_VERIFY_PARAM> structure. This might be
    60. 

  60. used where additional "useful" CRLs are supplied as part of a protocol,
    61. 

  61. for example in a PKCS#7 structure.
    62. 

  62. 

  63. X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an intenal pointer
    64. 

  64. to the verification parameters associated with B<ctx>.
    65. 

  65. 

  66. X509_STORE_CTX_set0_param() sets the intenal verification parameter pointer
    67. 

  67. to B<param>. After this call B<param> should not be used.
    68. 

  68. 

  69. X509_STORE_CTX_set_default() looks up and sets the default verification
    70. 

  70. method to B<name>. This uses the function X509_VERIFY_PARAM_lookup() to
    71. 

  71. find an appropriate set of parameters from B<name>.
    72. 

  72. 

  73. =head1 NOTES
    74. 

  74. 

  75. The certificates and CRLs in a store are used internally and should B<not>
    76. 

  76. be freed up until after the associated B<X509_STORE_CTX> is freed. Legacy
    77. 

  77. applications might implicitly use an B<X509_STORE_CTX> like this:
    78. 

  78. 

  79.   X509_STORE_CTX ctx;
    80. 

  80.   X509_STORE_CTX_init(&ctx, store, cert, chain);
    81. 

  81. 

  82. this is B<not> recommended in new applications they should instead do:
    83. 

  83. 

  84.   X509_STORE_CTX *ctx;
    85. 

  85.   ctx = X509_STORE_CTX_new();
    86. 

  86.   if (ctx == NULL)
    87. 

  87. 	/* Bad error */
    88. 

  88.   X509_STORE_CTX_init(ctx, store, cert, chain);
    89. 

  89. 

  90. =head1 BUGS
    91. 

  91. 

  92. The certificates and CRLs in a context are used internally and should B<not>
    93. 

  93. be freed up until after the associated B<X509_STORE_CTX> is freed. Copies
    94. 

  94. should be made or reference counts increased instead.
    95. 

  95. 

  96. =head1 RETURN VALUES
    97. 

  97. 

  98. X509_STORE_CTX_new() returns an newly allocates context or B<NULL> is an
    99. 

  99. error occurred.
    100. 

  100. 

  101. X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.
    102. 

  102. 

  103. X509_STORE_CTX_get0_param() returns a pointer to an B<X509_VERIFY_PARAM>
    104. 

  104. structure or B<NULL> if an error occurred.
    105. 

  105. 

  106. X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(), X509_STORE_CTX_trusted_stack(),
    107. 

  107. X509_STORE_CTX_set_cert(), X509_STORE_CTX_set_chain(),
    108. 

  108. X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
    109. 

  109. values.
    110. 

  110. 

  111. X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.
    112. 

  112. 

  113. =head1 SEE ALSO
    114. 

  114. 

  115. L<X509_verify_cert(3)|X509_verify_cert(3)>
    116. 

  116. L<X509_VERIFY_PARAM_set_flags(3)|X509_VERIFY_PARAM_set_flags(3)>
    117. 

  117. 

  118. =head1 HISTORY
    119. 

  119. 

  120. X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
    121. 

  121. 

  122. =cut
    123.