296 lines
13 KiB
HTML
Executable File
296 lines
13 KiB
HTML
Executable File
<?xml version="1.0" ?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>X509_STORE_set_verify_cb_func</title>
|
|
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
|
|
<link rev="made" href="mailto:root@localhost" />
|
|
</head>
|
|
|
|
<body style="background-color: white">
|
|
|
|
|
|
<!-- INDEX BEGIN -->
|
|
<div name="index">
|
|
<p><a name="__index__"></a></p>
|
|
|
|
<ul>
|
|
|
|
<li><a href="#name">NAME</a></li>
|
|
<li><a href="#synopsis">SYNOPSIS</a></li>
|
|
<li><a href="#description">DESCRIPTION</a></li>
|
|
<li><a href="#notes">NOTES</a></li>
|
|
<li><a href="#bugs">BUGS</a></li>
|
|
<li><a href="#return_values">RETURN VALUES</a></li>
|
|
<li><a href="#see_also">SEE ALSO</a></li>
|
|
<li><a href="#history">HISTORY</a></li>
|
|
<li><a href="#copyright">COPYRIGHT</a></li>
|
|
</ul>
|
|
|
|
<hr name="index" />
|
|
</div>
|
|
<!-- INDEX END -->
|
|
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="name">NAME</a></h1>
|
|
<p>X509_STORE_set_lookup_crls_cb,
|
|
X509_STORE_set_verify_func,
|
|
X509_STORE_get_cleanup,
|
|
X509_STORE_set_cleanup,
|
|
X509_STORE_get_lookup_crls,
|
|
X509_STORE_set_lookup_crls,
|
|
X509_STORE_get_lookup_certs,
|
|
X509_STORE_set_lookup_certs,
|
|
X509_STORE_get_check_policy,
|
|
X509_STORE_set_check_policy,
|
|
X509_STORE_get_cert_crl,
|
|
X509_STORE_set_cert_crl,
|
|
X509_STORE_get_check_crl,
|
|
X509_STORE_set_check_crl,
|
|
X509_STORE_get_get_crl,
|
|
X509_STORE_set_get_crl,
|
|
X509_STORE_get_check_revocation,
|
|
X509_STORE_set_check_revocation,
|
|
X509_STORE_get_check_issued,
|
|
X509_STORE_set_check_issued,
|
|
X509_STORE_get_get_issuer,
|
|
X509_STORE_set_get_issuer,
|
|
X509_STORE_CTX_get_verify,
|
|
X509_STORE_set_verify,
|
|
X509_STORE_get_verify_cb,
|
|
X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
|
|
X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
|
|
X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
|
|
X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
|
|
X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
|
|
X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
|
|
- set verification callback</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="synopsis">SYNOPSIS</a></h1>
|
|
<pre>
|
|
#include <openssl/x509_vfy.h></pre>
|
|
<pre>
|
|
typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
|
|
X509_STORE_CTX *ctx, X509 *x);
|
|
typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
|
|
X509 *x, X509 *issuer);
|
|
typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
|
|
typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
|
|
X509_CRL **crl, X509 *x);
|
|
typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
|
|
typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
|
|
X509_CRL *crl, X509 *x);
|
|
typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
|
|
typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
|
|
X509_NAME *nm);
|
|
typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
|
|
X509_NAME *nm);
|
|
typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_verify_cb(X509_STORE *ctx,
|
|
X509_STORE_CTX_verify_cb verify_cb);
|
|
X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
|
|
X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_get_issuer(X509_STORE *ctx,
|
|
X509_STORE_CTX_get_issuer_fn get_issuer);
|
|
X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_check_issued(X509_STORE *ctx,
|
|
X509_STORE_CTX_check_issued_fn check_issued);
|
|
X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_check_revocation(X509_STORE *ctx,
|
|
X509_STORE_CTX_check_revocation_fn check_revocation);
|
|
X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_get_crl(X509_STORE *ctx,
|
|
X509_STORE_CTX_get_crl_fn get_crl);
|
|
X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_check_crl(X509_STORE *ctx,
|
|
X509_STORE_CTX_check_crl_fn check_crl);
|
|
X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_cert_crl(X509_STORE *ctx,
|
|
X509_STORE_CTX_cert_crl_fn cert_crl);
|
|
X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_check_policy(X509_STORE *ctx,
|
|
X509_STORE_CTX_check_policy_fn check_policy);
|
|
X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_lookup_certs(X509_STORE *ctx,
|
|
X509_STORE_CTX_lookup_certs_fn lookup_certs);
|
|
X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_lookup_crls(X509_STORE *ctx,
|
|
X509_STORE_CTX_lookup_crls_fn lookup_crls);
|
|
X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
void X509_STORE_set_cleanup(X509_STORE *ctx,
|
|
X509_STORE_CTX_cleanup_fn cleanup);
|
|
X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);</pre>
|
|
<pre>
|
|
/* Aliases */
|
|
void X509_STORE_set_verify_cb_func(X509_STORE *st,
|
|
X509_STORE_CTX_verify_cb verify_cb);
|
|
void X509_STORE_set_verify_func(X509_STORE *ctx,
|
|
X509_STORE_CTX_verify_fn verify);
|
|
void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
|
|
X509_STORE_CTX_lookup_crls_fn lookup_crls);</pre>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="description">DESCRIPTION</a></h1>
|
|
<p>X509_STORE_set_verify_cb() sets the verification callback of <strong>ctx</strong> to
|
|
<strong>verify_cb</strong> overwriting the previous callback.
|
|
The callback assigned with this function becomes a default for the one
|
|
that can be assigned directly to the corresponding <strong>X509_STORE_CTX</strong>,
|
|
please see <em>X509_STORE_CTX_set_verify_cb(3)</em> for further information.</p>
|
|
<p>X509_STORE_set_verify() sets the final chain verification function for
|
|
<strong>ctx</strong> to <strong>verify</strong>.
|
|
Its purpose is to go through the chain of certificates and check that
|
|
all signatures are valid and that the current time is within the
|
|
limits of each certificate's first and last validity time.
|
|
The final chain verification functions must return 0 on failure and 1
|
|
on success.
|
|
<em>If no chain verification function is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_get_issuer() sets the function to get the issuer
|
|
certificate that verifies the given certificate <strong>x</strong>.
|
|
When found, the issuer certificate must be assigned to <strong>*issuer</strong>.
|
|
This function must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_check_issued() sets the function to check that a given
|
|
certificate <strong>x</strong> is issued with the issuer certificate <strong>issuer</strong>.
|
|
This function must return 0 on failure (among others if <strong>x</strong> hasn't
|
|
been issued with <strong>issuer</strong>) and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_check_revocation() sets the revocation checking
|
|
function.
|
|
Its purpose is to look through the final chain and check the
|
|
revocation status for each certificate.
|
|
It must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_get_crl() sets the function to get the crl for a given
|
|
certificate <strong>x</strong>.
|
|
When found, the crl must be assigned to <strong>*crl</strong>.
|
|
This function must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_check_crl() sets the function to check the validity of
|
|
the given <strong>crl</strong>.
|
|
This function must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_cert_crl() sets the function to check the revocation
|
|
status of the given certificate <strong>x</strong> against the given <strong>crl</strong>.
|
|
This function must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_check_policy() sets the function to check the policies
|
|
of all the certificates in the final chain..
|
|
This function must return 0 on failure and 1 on success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
|
|
functions to look up all the certs or all the CRLs that match the
|
|
given name <strong>nm</strong>.
|
|
These functions return NULL on failure and a pointer to a stack of
|
|
certificates (<strong>X509</strong>) or to a stack of CRLs (<strong>X509_CRL</strong>) on
|
|
success.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_set_cleanup() sets the final cleanup function, which is
|
|
called when the context (<strong>X509_STORE_CTX</strong>) is being torn down.
|
|
This function doesn't return any value.
|
|
<em>If no function to get the issuer is provided, the internal default
|
|
function will be used instead.</em></p>
|
|
<p>X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
|
|
X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
|
|
X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
|
|
X509_STORE_get_check_crl(), X509_STORE_set_verify(),
|
|
X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
|
|
X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
|
|
X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
|
|
the function pointer assigned with X509_STORE_set_check_issued(),
|
|
X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
|
|
X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
|
|
X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
|
|
X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
|
|
no assignment has been made.</p>
|
|
<p>X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
|
|
X509_STORE_set_lookup_crls_cb() are aliases for
|
|
X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
|
|
X509_STORE_set_lookup_crls, available as macros for backward
|
|
compatibility.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="notes">NOTES</a></h1>
|
|
<p>All the callbacks from a <strong>X509_STORE</strong> are inherited by the
|
|
corresponding <strong>X509_STORE_CTX</strong> structure when it is initialized.
|
|
See <em>X509_STORE_CTX_set_verify_cb(3)</em> for further details.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="bugs">BUGS</a></h1>
|
|
<p>The macro version of this function was the only one available before
|
|
OpenSSL 1.0.0.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="return_values">RETURN VALUES</a></h1>
|
|
<p>The X509_STORE_set_*() functions do not return a value.</p>
|
|
<p>The X509_STORE_get_*() functions return a pointer of the appropriate
|
|
function type.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="see_also">SEE ALSO</a></h1>
|
|
<p><em>X509_STORE_CTX_set_verify_cb(3)</em>, <em>X509_STORE_CTX_get0_chain(3)</em>,
|
|
<em>X509_STORE_CTX_verify_cb(3)</em>, <em>X509_STORE_CTX_verify_fn(3)</em>,
|
|
<em>CMS_verify(3)</em></p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="history">HISTORY</a></h1>
|
|
<p>The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.</p>
|
|
<p>The functions
|
|
X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
|
|
X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
|
|
X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
|
|
X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
|
|
X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
|
|
X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
|
|
X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
|
|
X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
|
|
X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
|
|
X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
|
|
X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
|
|
X509_STORE_set_cleanup() and X509_STORE_get_cleanup()
|
|
were added in OpenSSL 1.1.0.</p>
|
|
<p>
|
|
</p>
|
|
<hr />
|
|
<h1><a name="copyright">COPYRIGHT</a></h1>
|
|
<p>Copyright 2009-2016 The OpenSSL Project Authors. All Rights Reserved.</p>
|
|
<p>Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
<a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
|
|
|
|
</body>
|
|
|
|
</html>
|