X509_STORE_CTX_new(3)               OpenSSL              X509_STORE_CTX_new(3)

NAME
       X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free,
       X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack,
       X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain,
       X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param,
       X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default - X509_STORE_CTX
       initialisation

SYNOPSIS
        #include <openssl/x509_vfy.h>

        X509_STORE_CTX *X509_STORE_CTX_new(void);
        void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
        void X509_STORE_CTX_free(X509_STORE_CTX *ctx);

        int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                                X509 *x509, STACK_OF(X509) *chain);

        void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);

        void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x);
        void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
        void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);

        X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
        void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
        int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);

DESCRIPTION
       These functions initialise an X509_STORE_CTX structure for subsequent
       use by X509_verify_cert().

       X509_STORE_CTX_new() returns a newly initialised X509_STORE_CTX
       structure.

       X509_STORE_CTX_cleanup() internally cleans up an X509_STORE_CTX
       structure. The context can then be reused with a new call to
       X509_STORE_CTX_init().

       X509_STORE_CTX_free() completely frees up ctx. After this call ctx is
       no longer valid.

       X509_STORE_CTX_init() sets up ctx for a subsequent verification
       operation. It must be called before each call to X509_verify_cert(), i.e.
       a ctx is only good for one call to X509_verify_cert(); if you want to
       verify a second certificate with the same ctx then you must call
       X509_STORE_CTX_cleanup() and then X509_STORE_CTX_init() again before
       the second call to X509_verify_cert(). The trusted certificate store is
       set to store, the end entity certificate to be verified is set to x509
       and a set of additional certificates (which will be untrusted but may
       be used to build the chain) in chain. Any or all of the store, x509 and
       chain parameters can be NULL.

       X509_STORE_CTX_trusted_stack() sets the set of trusted certificates of
       ctx to sk. This is an alternative way of specifying trusted
       certificates instead of using an X509_STORE.

       X509_STORE_CTX_set_cert() sets the certificate to be verified in ctx
       to x.

       X509_STORE_CTX_set_chain() sets the additional certificate chain used
       by ctx to sk.

       X509_STORE_CTX_set0_crls() sets a set of CRLs to use to aid certificate
       verification to sk. These CRLs will only be used if CRL verification is
       enabled in the associated X509_VERIFY_PARAM structure. This might be
       used where additional "useful" CRLs are supplied as part of a protocol,
       for example in a PKCS#7 structure.

       X509_STORE_CTX_get0_param() retrieves an internal pointer to the
       verification parameters associated with ctx.

       X509_STORE_CTX_set0_param() sets the internal verification parameter
       pointer to param. After this call param should not be used.

       X509_STORE_CTX_set_default() looks up and sets the default verification
       method to name.
       This uses the function X509_VERIFY_PARAM_lookup() to find an
       appropriate set of parameters from name.

NOTES
       The certificates and CRLs in a store are used internally and should not
       be freed up until after the associated X509_STORE_CTX is freed. Legacy
       applications might implicitly use an X509_STORE_CTX like this:

         X509_STORE_CTX ctx;
         X509_STORE_CTX_init(&ctx, store, cert, chain);

       This is not recommended in new applications; they should instead do:

         X509_STORE_CTX *ctx;

         ctx = X509_STORE_CTX_new();
         if (ctx == NULL)
             return 0;               /* Bad error: allocation failed */
         if (X509_STORE_CTX_init(ctx, store, cert, chain) != 1) {
             X509_STORE_CTX_free(ctx);
             return 0;               /* initialisation failed */
         }

BUGS
       The certificates and CRLs in a context are used internally and should
       not be freed up until after the associated X509_STORE_CTX is freed.
       Copies should be made or reference counts increased instead.

RETURN VALUES
       X509_STORE_CTX_new() returns a newly allocated context or NULL if an
       error occurred.

       X509_STORE_CTX_init() returns 1 for success or 0 if an error occurred.

       X509_STORE_CTX_get0_param() returns a pointer to an X509_VERIFY_PARAM
       structure or NULL if an error occurred.

       X509_STORE_CTX_cleanup(), X509_STORE_CTX_free(),
       X509_STORE_CTX_trusted_stack(), X509_STORE_CTX_set_cert(),
       X509_STORE_CTX_set_chain(), X509_STORE_CTX_set0_crls() and
       X509_STORE_CTX_set0_param() do not return values.

       X509_STORE_CTX_set_default() returns 1 for success or 0 if an error
       occurred.

SEE ALSO
       X509_verify_cert(3) X509_VERIFY_PARAM_set_flags(3)

HISTORY
       X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0.

1.0.2u                            2019-12-20             X509_STORE_CTX_new(3)