
#use wml::openssl-macros area=docs page=SSL_CTX_set_cert_store

<title>Documents, SSL_CTX_set_cert_store(3)</title>

<h1>SSL_CTX_set_cert_store(3)</h1>

#use wml::imp::generic

{:
## What's this? [[s|(<STRONG>[^<].+?)</A>(</STRONG><DD>)|$1$2|sg]]
[[s|<P>\s+<P>|<P>|sg]]
[[s|<P>\s+</|</|sg]]
[[s|<DD>\s*<DT>|<DD>&nbsp;<DT>|sg]]
[[s|<DD>\s*</DL>|<DD>&nbsp;</DL>|sg]]
[[s|\[|&#91;|sg]]
[[s|\]|&#93;|sg]]

<!-- INDEX BEGIN -->

<UL>

	<LI><A HREF="#NAME">NAME</A>
	<LI><A HREF="#SYNOPSIS">SYNOPSIS</A>
	<LI><A HREF="#DESCRIPTION">DESCRIPTION</A>
	<LI><A HREF="#NOTES">NOTES</A>
	<LI><A HREF="#RETURN_VALUES">RETURN VALUES</A>
	<LI><A HREF="#SEE_ALSO">SEE ALSO</A>
</UL>
<!-- INDEX END -->

<HR>
<H1><A NAME="NAME">NAME</A></H1>
<P>
SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509
certificate verification storage

</P>
<P>
<HR>
<H1><A NAME="SYNOPSIS">SYNOPSIS</A></H1>
<PRE> #include &lt;openssl/ssl.h&gt;
</PRE>
<PRE> void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx);
</PRE>
<P>
<HR>
<H1><A NAME="DESCRIPTION">DESCRIPTION</A></H1>
<P>
<CODE>SSL_CTX_set_cert_store()</CODE> sets the certificate
verification storage of <STRONG>ctx</STRONG> to <STRONG>store</STRONG>, replacing any existing one. If another X509_STORE object is currently set in <STRONG>ctx</STRONG>, it will be freed with <CODE>X509_STORE_free()</CODE>.

</P>
<P>
<CODE>SSL_CTX_get_cert_store()</CODE> returns a pointer to the current
certificate verification storage.

</P>
<P>
<HR>
<H1><A NAME="NOTES">NOTES</A></H1>
<P>
In order to verify the certificates presented by the peer, trusted CA
certificates must be accessed. These CA certificates are made available via
lookup methods, handled inside the X509_STORE. From the X509_STORE the
X509_STORE_CTX used when verifying certificates is created.

</P>
<P>
Typically the trusted certificate store is handled indirectly by using
<A HREF="../ssl/SSL_CTX_load_verify_locations.html#">SSL_CTX_load_verify_locations(3)</A>. Using the <CODE>SSL_CTX_set_cert_store()</CODE> and
<CODE>SSL_CTX_get_cert_store()</CODE> functions it is possible to
manipulate the X509_STORE object beyond the
<A HREF="../ssl/SSL_CTX_load_verify_locations.html#">SSL_CTX_load_verify_locations(3)</A>
call.

</P>
<P>
Currently no detailed documentation on how to use the X509_STORE object is
available. Not all members of the X509_STORE are used when the verification
takes place. For example, the <CODE>verify_callback()</CODE> is overridden
by the <CODE>verify_callback()</CODE> set via the
<A HREF="../ssl/SSL_CTX_set_verify.html#">SSL_CTX_set_verify(3)</A> family of functions. This document must therefore be updated when
documentation about the X509_STORE object and its handling becomes
available.

</P>
<P>
<HR>
<H1><A NAME="RETURN_VALUES">RETURN VALUES</A></H1>
<P>
<CODE>SSL_CTX_set_cert_store()</CODE> does not return diagnostic output.

</P>
<P>
<CODE>SSL_CTX_get_cert_store()</CODE> returns the current setting.

</P>
<P>
<HR>
<H1><A NAME="SEE_ALSO">SEE ALSO</A></H1>
<P>
<A HREF="../ssl/ssl.html#">ssl(3)</A>,
<A HREF="../ssl/SSL_CTX_load_verify_locations.html#">SSL_CTX_load_verify_locations(3)</A>,
<A HREF="../ssl/SSL_CTX_set_verify.html#">SSL_CTX_set_verify(3)</A>



</P>
:}


