DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 

X509_STORE_CTX_init(3)




X509_STORE_CTX_new(3)        OpenSSL        X509_STORE_CTX_new(3)


NAME

     X509_STORE_CTX_new, X509_STORE_CTX_cleanup,
     X509_STORE_CTX_free, X509_STORE_CTX_init,
     X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert,
     X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls,
     X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
     X509_STORE_CTX_set_default - X509_STORE_CTX initialisation


SYNOPSIS

      #include <openssl/x509_vfy.h>

      X509_STORE_CTX *X509_STORE_CTX_new(void);
      void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
      void X509_STORE_CTX_free(X509_STORE_CTX *ctx);

      int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                              X509 *x509, STACK_OF(X509) *chain);

      void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);

      void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
      void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
      void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);

      X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
      void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
      int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);


DESCRIPTION

     These functions initialise an X509_STORE_CTX structure for
     subsequent use by X509_verify_cert().

     X509_STORE_CTX_new() returns a newly initialised
     X509_STORE_CTX structure.

     X509_STORE_CTX_cleanup() internally cleans up an
     X509_STORE_CTX structure.  The context can then be reused
     with an new call to X509_STORE_CTX_init().

     X509_STORE_CTX_free() completely frees up ctx. After this
     call ctx is no longer valid.

     X509_STORE_CTX_init() sets up ctx for a subsequent
     verification operation.  It must be called before each call
     to X509_verify_cert(), i.e. a ctx is only good for one call
     to X509_verify_cert(); if you want to verify a second
     certificate with the same ctx then you must call
     X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init()
     again before the second call to X509_verify_cert(). The
     trusted certificate store is set to store, the end entity
     certificate to be verified is set to x509 and a set of
     additional certificates (which will be untrusted but may be

1.0.2t               Last change: 2019-09-10                    1

X509_STORE_CTX_new(3)        OpenSSL        X509_STORE_CTX_new(3)

     used to build the chain) in chain. Any or all of the store,
     x509 and chain parameters can be NULL.

     X509_STORE_CTX_trusted_stack() sets the set of trusted
     certificates of ctx to sk. This is an alternative way of
     specifying trusted certificates instead of using an
     X509_STORE.

     X509_STORE_CTX_set_cert() sets the certificate to be
     vertified in ctx to x.

     X509_STORE_CTX_set_chain() sets the additional certificate
     chain used by ctx to sk.

     X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid
     certificate verification to sk. These CRLs will only be used
     if CRL verification is enabled in the associated
     X509_VERIFY_PARAM structure. This might be used where
     additional "useful" CRLs are supplied as part of a protocol,
     for example in a PKCS#7 structure.

     X509_VERIFY_PARAM *X509_STORE_CTX_get0_param() retrieves an
     intenal pointer to the verification parameters associated
     with ctx.

     X509_STORE_CTX_set0_param() sets the intenal verification
     parameter pointer to param. After this call param should not
     be used.

     X509_STORE_CTX_set_default() looks up and sets the default
     verification method to name. This uses the function
     X509_VERIFY_PARAM_lookup() to find an appropriate set of
     parameters from name.


NOTES

     The certificates and CRLs in a store are used internally and
     should not be freed up until after the associated
     X509_STORE_CTX is freed. Legacy applications might
     implicitly use an X509_STORE_CTX like this:

       X509_STORE_CTX ctx;
       X509_STORE_CTX_init(&ctx, store, cert, chain);

     this is not recommended in new applications they should
     instead do:

       X509_STORE_CTX *ctx;
       ctx = X509_STORE_CTX_new();
       if (ctx == NULL)
             /* Bad error */
       X509_STORE_CTX_init(ctx, store, cert, chain);

1.0.2t               Last change: 2019-09-10                    2

X509_STORE_CTX_new(3)        OpenSSL        X509_STORE_CTX_new(3)


BUGS

     The certificates and CRLs in a context are used internally
     and should not be freed up until after the associated
     X509_STORE_CTX is freed. Copies should be made or reference
     counts increased instead.


RETURN VALUES

     X509_STORE_CTX_new() returns an newly allocates context or
     NULL is an error occurred.

     X509_STORE_CTX_init() returns 1 for success or 0 if an error
     occurred.

     X509_STORE_CTX_get0_param() returns a pointer to an
     X509_VERIFY_PARAM structure or NULL if an error occurred.

     X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(),
     X509_STORE_CTX_trusted_stack(), X509_STORE_CTX_set_cert(),
     X509_STORE_CTX_set_chain(), X509_STORE_CTX_set0_crls() and
     X509_STORE_CTX_set0_param() do not return values.

     X509_STORE_CTX_set_default() returns 1 for success or 0 if
     an error occurred.


SEE ALSO

     X509_verify_cert(3) X509_VERIFY_PARAM_set_flags(3)


HISTORY

     X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0

1.0.2t               Last change: 2019-09-10                    3


Man(1) output converted with man2html