196 lines
8.8 KiB
HTML
196 lines
8.8 KiB
HTML
|
<?xml version="1.0" ?>
|
||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||
|
<head>
|
||
|
<title>X509_STORE_CTX_new</title>
|
||
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
||
|
<link rev="made" href="mailto:root@localhost" />
|
||
|
</head>
|
||
|
|
||
|
<body style="background-color: white">
|
||
|
|
||
|
|
||
|
<!-- INDEX BEGIN -->
|
||
|
<div name="index">
|
||
|
<p><a name="__index__"></a></p>
|
||
|
|
||
|
<ul>
|
||
|
|
||
|
<li><a href="#name">NAME</a></li>
|
||
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
||
|
<li><a href="#description">DESCRIPTION</a></li>
|
||
|
<li><a href="#notes">NOTES</a></li>
|
||
|
<li><a href="#bugs">BUGS</a></li>
|
||
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
||
|
<li><a href="#see_also">SEE ALSO</a></li>
|
||
|
<li><a href="#history">HISTORY</a></li>
|
||
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<hr name="index" />
|
||
|
</div>
|
||
|
<!-- INDEX END -->
|
||
|
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="name">NAME</a></h1>
|
||
|
<p>X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,
|
||
|
X509_STORE_CTX_init, X509_STORE_CTX_set0_trusted_stack, X509_STORE_CTX_set_cert,
|
||
|
X509_STORE_CTX_set0_crls,
|
||
|
X509_STORE_CTX_get0_chain, X509_STORE_CTX_set0_verified_chain,
|
||
|
X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param,
|
||
|
X509_STORE_CTX_get0_untrusted, X509_STORE_CTX_set0_untrusted,
|
||
|
X509_STORE_CTX_get_num_untrusted,
|
||
|
X509_STORE_CTX_set_default,
|
||
|
X509_STORE_CTX_set_verify,
|
||
|
X509_STORE_CTX_verify_fn
|
||
|
- X509_STORE_CTX initialisation</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
||
|
<pre>
|
||
|
#include <openssl/x509_vfy.h></pre>
|
||
|
<pre>
|
||
|
X509_STORE_CTX *X509_STORE_CTX_new(void);
|
||
|
void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
|
||
|
void X509_STORE_CTX_free(X509_STORE_CTX *ctx);</pre>
|
||
|
<pre>
|
||
|
int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
|
||
|
X509 *x509, STACK_OF(X509) *chain);</pre>
|
||
|
<pre>
|
||
|
void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);</pre>
|
||
|
<pre>
|
||
|
void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
|
||
|
STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
|
||
|
void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *chain);
|
||
|
void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);</pre>
|
||
|
<pre>
|
||
|
X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
|
||
|
void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
|
||
|
int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);</pre>
|
||
|
<pre>
|
||
|
STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
|
||
|
void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);</pre>
|
||
|
<pre>
|
||
|
int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);</pre>
|
||
|
<pre>
|
||
|
typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
|
||
|
void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify_fn verify);</pre>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="description">DESCRIPTION</a></h1>
|
||
|
<p>These functions initialise an <strong>X509_STORE_CTX</strong> structure for subsequent use
|
||
|
by X509_verify_cert().</p>
|
||
|
<p>X509_STORE_CTX_new() returns a newly initialised <strong>X509_STORE_CTX</strong> structure.</p>
|
||
|
<p>X509_STORE_CTX_cleanup() internally cleans up an <strong>X509_STORE_CTX</strong> structure.
|
||
|
The context can then be reused with an new call to X509_STORE_CTX_init().</p>
|
||
|
<p>X509_STORE_CTX_free() completely frees up <strong>ctx</strong>. After this call <strong>ctx</strong>
|
||
|
is no longer valid.
|
||
|
If <strong>ctx</strong> is NULL nothing is done.</p>
|
||
|
<p>X509_STORE_CTX_init() sets up <strong>ctx</strong> for a subsequent verification operation.
|
||
|
It must be called before each call to X509_verify_cert(), i.e. a <strong>ctx</strong> is only
|
||
|
good for one call to X509_verify_cert(); if you want to verify a second
|
||
|
certificate with the same <strong>ctx</strong> then you must call X509_STORE_CTX_cleanup()
|
||
|
and then X509_STORE_CTX_init() again before the second call to
|
||
|
X509_verify_cert(). The trusted certificate store is set to <strong>store</strong>, the end
|
||
|
entity certificate to be verified is set to <strong>x509</strong> and a set of additional
|
||
|
certificates (which will be untrusted but may be used to build the chain) in
|
||
|
<strong>chain</strong>. Any or all of the <strong>store</strong>, <strong>x509</strong> and <strong>chain</strong> parameters can be
|
||
|
<strong>NULL</strong>.</p>
|
||
|
<p>X509_STORE_CTX_set0_trusted_stack() sets the set of trusted certificates of
|
||
|
<strong>ctx</strong> to <strong>sk</strong>. This is an alternative way of specifying trusted certificates
|
||
|
instead of using an <strong>X509_STORE</strong>.</p>
|
||
|
<p>X509_STORE_CTX_set_cert() sets the certificate to be verified in <strong>ctx</strong> to
|
||
|
<strong>x</strong>.</p>
|
||
|
<p>X509_STORE_CTX_set0_verified_chain() sets the validated chain used
|
||
|
by <strong>ctx</strong> to be <strong>chain</strong>.
|
||
|
Ownership of the chain is transferred to <strong>ctx</strong> and should not be
|
||
|
free'd by the caller.
|
||
|
X509_STORE_CTX_get0_chain() returns a the internal pointer used by the
|
||
|
<strong>ctx</strong> that contains the validated chain.</p>
|
||
|
<p>X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
|
||
|
verification to <strong>sk</strong>. These CRLs will only be used if CRL verification is
|
||
|
enabled in the associated <strong>X509_VERIFY_PARAM</strong> structure. This might be
|
||
|
used where additional "useful" CRLs are supplied as part of a protocol,
|
||
|
for example in a PKCS#7 structure.</p>
|
||
|
<p>X509_STORE_CTX_get0_param() retrieves an internal pointer
|
||
|
to the verification parameters associated with <strong>ctx</strong>.</p>
|
||
|
<p>X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
|
||
|
stack of untrusted certificates associated with <strong>ctx</strong>.</p>
|
||
|
<p>X509_STORE_CTX_set0_untrusted() sets the internal point to the stack
|
||
|
of untrusted certificates associated with <strong>ctx</strong> to <strong>sk</strong>.</p>
|
||
|
<p>X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
|
||
|
to <strong>param</strong>. After this call <strong>param</strong> should not be used.</p>
|
||
|
<p>X509_STORE_CTX_set_default() looks up and sets the default verification
|
||
|
method to <strong>name</strong>. This uses the function X509_VERIFY_PARAM_lookup() to
|
||
|
find an appropriate set of parameters from <strong>name</strong>.</p>
|
||
|
<p>X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
|
||
|
that were used in building the chain following a call to X509_verify_cert().</p>
|
||
|
<p>X509_STORE_CTX_set_verify() provides the capability for overriding the default
|
||
|
verify function. This function is responsible for verifying chain signatures and
|
||
|
expiration times.</p>
|
||
|
<p>A verify function is defined as an X509_STORE_CTX_verify type which has the
|
||
|
following signature:</p>
|
||
|
<pre>
|
||
|
int (*verify)(X509_STORE_CTX *);</pre>
|
||
|
<p>This function should receive the current X509_STORE_CTX as a parameter and
|
||
|
return 1 on success or 0 on failure.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="notes">NOTES</a></h1>
|
||
|
<p>The certificates and CRLs in a store are used internally and should <strong>not</strong>
|
||
|
be freed up until after the associated <strong>X509_STORE_CTX</strong> is freed.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="bugs">BUGS</a></h1>
|
||
|
<p>The certificates and CRLs in a context are used internally and should <strong>not</strong>
|
||
|
be freed up until after the associated <strong>X509_STORE_CTX</strong> is freed. Copies
|
||
|
should be made or reference counts increased instead.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
||
|
<p>X509_STORE_CTX_new() returns an newly allocates context or <strong>NULL</strong> is an
|
||
|
error occurred.</p>
|
||
|
<p>X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.</p>
|
||
|
<p>X509_STORE_CTX_get0_param() returns a pointer to an <strong>X509_VERIFY_PARAM</strong>
|
||
|
structure or <strong>NULL</strong> if an error occurred.</p>
|
||
|
<p>X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(),
|
||
|
X509_STORE_CTX_set0_trusted_stack(),
|
||
|
X509_STORE_CTX_set_cert(),
|
||
|
X509_STORE_CTX_set0_crls() and X509_STORE_CTX_set0_param() do not return
|
||
|
values.</p>
|
||
|
<p>X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred.</p>
|
||
|
<p>X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates
|
||
|
used.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
||
|
<p><em>X509_verify_cert(3)</em>
|
||
|
<em>X509_VERIFY_PARAM_set_flags(3)</em></p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="history">HISTORY</a></h1>
|
||
|
<p>The X509_STORE_CTX_set0_crls() function was added in OpenSSL 1.0.0.
|
||
|
The X509_STORE_CTX_get_num_untrusted() function was added in OpenSSL 1.1.0.</p>
|
||
|
<p>
|
||
|
</p>
|
||
|
<hr />
|
||
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
||
|
<p>Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.</p>
|
||
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file LICENSE in the source distribution or at
|
||
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
||
|
|
||
|
</body>
|
||
|
|
||
|
</html>
|