1=pod 2 3=head1 NAME 4 5SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, 6SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, 7SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, 8SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate 9verification or chain store 10 11=head1 SYNOPSIS 12 13 #include <openssl/ssl.h> 14 15 int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 16 int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); 17 int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 18 int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); 19 20 int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); 21 int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); 22 int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); 23 int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); 24 25=head1 DESCRIPTION 26 27SSL_CTX_set0_verify_cert_store() and SSL_CTX_set1_verify_cert_store() 28set the certificate store used for certificate verification to B<st>. 29 30SSL_CTX_set0_chain_cert_store() and SSL_CTX_set1_chain_cert_store() 31set the certificate store used for certificate chain building to B<st>. 32 33SSL_set0_verify_cert_store(), SSL_set1_verify_cert_store(), 34SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar 35except they apply to SSL structure B<ssl>. 36 37All these functions are implemented as macros. Those containing a B<1> 38increment the reference count of the supplied store so it must 39be freed at some point after the operation. Those containing a B<0> do 40not increment reference counts and the supplied store B<MUST NOT> be freed 41after the operation. 42 43=head1 NOTES 44 45The stores pointers associated with an SSL_CTX structure are copied to any SSL 46structures when SSL_new() is called. As a result SSL structures will not be 47affected if the parent SSL_CTX store pointer is set to a new value. 48 49The verification store is used to verify the certificate chain sent by the 50peer: that is an SSL/TLS client will use the verification store to verify 51the server's certificate chain and a SSL/TLS server will use it to verify 52any client certificate chain. 53 54The chain store is used to build the certificate chain. 55 56If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is 57configured already (for example using the functions such as 58L<SSL_CTX_add1_chain_cert(3)> or 59L<SSL_CTX_add_extra_chain_cert(3)>) then 60automatic chain building is disabled. 61 62If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set then automatic chain building 63is disabled. 64 65If the chain or the verification store is not set then the store associated 66with the parent SSL_CTX is used instead to retain compatibility with previous 67versions of OpenSSL. 68 69=head1 RETURN VALUES 70 71All these functions return 1 for success and 0 for failure. 72 73=head1 SEE ALSO 74 75L<SSL_CTX_add_extra_chain_cert(3)> 76L<SSL_CTX_set0_chain(3)> 77L<SSL_CTX_set1_chain(3)> 78L<SSL_CTX_add0_chain_cert(3)> 79L<SSL_CTX_add1_chain_cert(3)> 80L<SSL_set0_chain(3)> 81L<SSL_set1_chain(3)> 82L<SSL_add0_chain_cert(3)> 83L<SSL_add1_chain_cert(3)> 84L<SSL_CTX_build_cert_chain(3)> 85L<SSL_build_cert_chain(3)> 86 87=head1 HISTORY 88 89These functions were added in OpenSSL 1.0.2. 90 91=head1 COPYRIGHT 92 93Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved. 94 95Licensed under the OpenSSL license (the "License"). You may not use 96this file except in compliance with the License. You can obtain a copy 97in the file LICENSE in the source distribution or at 98L<https://www.openssl.org/source/license.html>. 99 100=cut 101