HEX
Server: nginx/1.28.1
System: Linux 10-41-63-61 6.8.0-31-generic #31-Ubuntu SMP PREEMPT_DYNAMIC Sat Apr 20 00:40:06 UTC 2024 x86_64
User: www (1001)
PHP: 7.4.33
Disabled: passthru,exec,system,putenv,chroot,chgrp,chown,shell_exec,popen,proc_open,pcntl_exec,ini_alter,ini_restore,dl,openlog,syslog,readlink,symlink,popepassthru,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,imap_open,apache_setenv
$ pwd: /usr/local/openssl/man/man3/
Upload Files
File: //usr/local/openssl/man/man3/X509_STORE_CTX_set0_param.3
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
.    if \nF \{\
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{\
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_new 3"
.TH X509_STORE_CTX_new 3 2019-12-20 1.0.2u OpenSSL
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_STORE_CTX *X509_STORE_CTX_new(void);
\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
\&
\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
\&                         X509 *x509, STACK_OF(X509) *chain);
\&
\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
\& void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
\& void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
\& void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
\&
\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
by \fBX509_verify_cert()\fR.
.PP
\&\fBX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
The context can then be reused with an new call to \fBX509_STORE_CTX_init()\fR.
.PP
\&\fBX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
is no longer valid.
.PP
\&\fBX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
It must be called before each call to \fBX509_verify_cert()\fR, i.e. a \fBctx\fR is only
good for one call to \fBX509_verify_cert()\fR; if you want to verify a second
certificate with the same \fBctx\fR then you must call \fBX509_STORE_CTX_cleanup()\fR
and then \fBX509_STORE_CTX_init()\fR again before the second call to
\&\fBX509_verify_cert()\fR. The trusted certificate store is set to \fBstore\fR, the end
entity certificate to be verified is set to \fBx509\fR and a set of additional
certificates (which will be untrusted but may be used to build the chain) in
\&\fBchain\fR. Any or all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be
\&\fBNULL\fR.
.PP
\&\fBX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR
to \fBsk\fR. This is an alternative way of specifying trusted certificates 
instead of using an \fBX509_STORE\fR.
.PP
\&\fBX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to
\&\fBx\fR.
.PP
\&\fBX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR
to \fBsk\fR.
.PP
\&\fBX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
verification to \fBsk\fR. These CRLs will only be used if CRL verification is
enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
used where additional "useful" CRLs are supplied as part of a protocol,
for example in a PKCS#7 structure.
.PP
X509_VERIFY_PARAM *\fBX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer
to the verification parameters associated with \fBctx\fR.
.PP
\&\fBX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer
to \fBparam\fR. After this call \fBparam\fR should not be used.
.PP
\&\fBX509_STORE_CTX_set_default()\fR looks up and sets the default verification
method to \fBname\fR. This uses the function \fBX509_VERIFY_PARAM_lookup()\fR to
find an appropriate set of parameters from \fBname\fR.
.SH NOTES
.IX Header "NOTES"
The certificates and CRLs in a store are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
applications might implicitly use an \fBX509_STORE_CTX\fR like this:
.PP
.Vb 2
\&  X509_STORE_CTX ctx;
\&  X509_STORE_CTX_init(&ctx, store, cert, chain);
.Ve
.PP
this is \fBnot\fR recommended in new applications they should instead do:
.PP
.Vb 5
\&  X509_STORE_CTX *ctx;
\&  ctx = X509_STORE_CTX_new();
\&  if (ctx == NULL)
\&        /* Bad error */
\&  X509_STORE_CTX_init(ctx, store, cert, chain);
.Ve
.SH BUGS
.IX Header "BUGS"
The certificates and CRLs in a context are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
should be made or reference counts increased instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBX509_STORE_CTX_new()\fR returns an newly allocates context or \fBNULL\fR is an
error occurred.
.PP
\&\fBX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fBX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
structure or \fBNULL\fR if an error occurred.
.PP
\&\fBX509_STORE_CTX_cleanup()\fR, \fBX509_STORE_CTX_free()\fR, \fBX509_STORE_CTX_trusted_stack()\fR,
\&\fBX509_STORE_CTX_set_cert()\fR, \fBX509_STORE_CTX_set_chain()\fR,
\&\fBX509_STORE_CTX_set0_crls()\fR and \fBX509_STORE_CTX_set0_param()\fR do not return
values.
.PP
\&\fBX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBX509_verify_cert\fR\|(3)
\&\fBX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH HISTORY
.IX Header "HISTORY"
\&\fBX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0
@ Telegram