*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->NetBSD man pages -> SSL_CTX_set_cert_store (3)              
Title
Content
Arch
Section
 

SSL_CTX_set_cert_store(3)

Contents


NAME    [Toc]    [Back]

       SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate
 X509 certificate verification storage

LIBRARY    [Toc]    [Back]

       libcrypto, -lcrypto

SYNOPSIS    [Toc]    [Back]

        #include <openssl/ssl.h>

        void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
        X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);

DESCRIPTION    [Toc]    [Back]

       SSL_CTX_set_cert_store() sets/replaces the certificate
       verification storage of ctx to/with store. If another
       X505_STORE object is currently set in ctx, it will be
       X509_STORE_free()ed.

       SSL_CTX_get_cert_store() returns a pointer to the current
       certificate verification storage.

NOTES    [Toc]    [Back]

       In order to verify the certificates presented by the peer,
       trusted CA certificates must be accessed. These CA certificates
 are made available via lookup methods, handled
       inside the X509_STORE. From the X509_STORE the
       X509_STORE_CTX used when verifying certificates is created.


       Typically the trusted certificate store is handled indirectly
 via using SSL_CTX_load_verify_locations(3).  Using
       the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store()
       functions it is possible to manipulate the X509_STORE
       object beyond the SSL_CTX_load_verify_locations(3) call.

       Currently no detailed documentation on how to use the
       X509_STORE object is available. Not all members of the
       X509_STORE are used when the verification takes place. So
       will e.g. the verify_callback() be overridden with the
       verify_callback() set via the SSL_CTX_set_verify(3) family
       of functions.  This document must therefore be updated
       when documentation about the X509_STORE object and its
       handling becomes available.

RETURN VALUES    [Toc]    [Back]

       SSL_CTX_set_cert_store() does not return diagnostic output.


       SSL_CTX_get_cert_store() returns the current setting.

SEE ALSO    [Toc]    [Back]

      
      
       ssl(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_verify(3)



2002-08-05                    0.9.6g    SSL_CTX_set_cert_store(3)
[ Back ]
 Similar pages
Name OS Title
SSL_CTX_set_cert_store Tru64 Manipulate X509 certificate verification storage.
SSL_get_peer_certificate OpenBSD get the X509 certificate of the peer
SSL_get_peer_certificate Tru64 Get the X509 certificate of the peer
SSL_get_peer_certificate NetBSD get the X509 certificate of the peer
SSL_get_peer_cert_chain NetBSD get the X509 certificate chain of the peer
SSL_get_peer_cert_chain Tru64 Get the X509 certificate chain of the peer
SSL_get_peer_cert_chain OpenBSD get the X509 certificate chain of the peer
SSL_get_verify_result Tru64 Get result of peer certificate verification
SSL_set_verify Tru64 Set peer certificate verification parameters
SSL_set_verify_depth OpenBSD set peer certificate verification parameters
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service