(linenum→info "unix/slp.c:2238")

openssl/0.9.8g/doc/ssl/SSL_CTX_set_cert_store.pod

    1: =pod
    2: 
    3: =head1 NAME
    4: 
    5: SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
    6: 
    7: =head1 SYNOPSIS
    8: 
    9:  #include <openssl/ssl.h>
   10: 
   11:  void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
   12:  X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
   13: 
   14: =head1 DESCRIPTION
   15: 
   16: SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
   17: of B<ctx> to/with B<store>. If another X509_STORE object is currently
   18: set in B<ctx>, it will be X509_STORE_free()ed.
   19: 
   20: SSL_CTX_get_cert_store() returns a pointer to the current certificate
   21: verification storage.
   22: 
   23: =head1 NOTES
   24: 
   25: In order to verify the certificates presented by the peer, trusted CA
   26: certificates must be accessed. These CA certificates are made available
   27: via lookup methods, handled inside the X509_STORE. From the X509_STORE
   28: the X509_STORE_CTX used when verifying certificates is created.
   29: 
   30: Typically the trusted certificate store is handled indirectly via using
   31: L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
   32: Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
   33: it is possible to manipulate the X509_STORE object beyond the
   34: L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
   35: call.
   36: 
   37: Currently no detailed documentation on how to use the X509_STORE
   38: object is available. Not all members of the X509_STORE are used when
   39: the verification takes place. So will e.g. the verify_callback() be
   40: overridden with the verify_callback() set via the
   41: L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
   42: This document must therefore be updated when documentation about the
   43: X509_STORE object and its handling becomes available.
   44: 
   45: =head1 RETURN VALUES
   46: 
   47: SSL_CTX_set_cert_store() does not return diagnostic output.
   48: 
   49: SSL_CTX_get_cert_store() returns the current setting.
   50: 
   51: =head1 SEE ALSO
   52: 
   53: L<ssl(3)|ssl(3)>,
   54: L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
   55: L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
   56: 
   57: =cut
Syntax (Markdown)