SSL_CTX_set_cert_store - manipulate X509 certificate verification storage
#include <openssl/ssl.h> void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store); X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
OpenSSL SSL_CTX_set_cert_store(3openssl)
NAME
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509
certificate verification storage
SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
DESCRIPTION
SSL_CTX_set_cert_store() sets/replaces the certificate verification
storage of ctx to/with store. If another X509_STORE object is currently
set in ctx, it will be X509_STORE_free()ed.
SSL_CTX_get_cert_store() returns a pointer to the current certificate
verification storage.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+---------------+--------------------------+
|ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+---------------+--------------------------+
|Availability | library/security/openssl |
+---------------+--------------------------+
|Stability | Pass-through uncommitted |
+---------------+--------------------------+
NOTES
In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available
via lookup methods, handled inside the X509_STORE. From the X509_STORE
the X509_STORE_CTX used when verifying certificates is created.
Typically the trusted certificate store is handled indirectly via using
SSL_CTX_load_verify_locations(3). Using the SSL_CTX_set_cert_store()
and SSL_CTX_get_cert_store() functions it is possible to manipulate the
X509_STORE object beyond the SSL_CTX_load_verify_locations(3) call.
Currently no detailed documentation on how to use the X509_STORE object
is available. Not all members of the X509_STORE are used when the
verification takes place. So will e.g. the verify_callback() be
overridden with the verify_callback() set via the SSL_CTX_set_verify(3)
family of functions. This document must therefore be updated when
documentation about the X509_STORE object and its handling becomes
available.
Source code for open source software components in Oracle Solaris can
be found at https://www.oracle.com/downloads/opensource/solaris-source-
code-downloads.html.
This software was built from source available at
https://github.com/oracle/solaris-userland. The original community
source was downloaded from
https://www.openssl.org/source/openssl-1.0.2ze.tar.gz.
Further information about this software can be found on the open source
community website at https://www.openssl.org/.
RESTRICTIONS
The X509_STORE structure used by an SSL_CTX is used for verifying peer
certificates and building certificate chains, it is also shared by
every child SSL structure. Applications wanting finer control can use
functions such as SSL_CTX_set1_verify_cert_store() instead.
RETURN VALUES
SSL_CTX_set_cert_store() does not return diagnostic output.
SSL_CTX_get_cert_store() returns the current setting.
SEE ALSO
ssl(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_verify(3)
1.0.2ze 2022-05-03
SSL_CTX_set_cert_store(3openssl)