SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store,
SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store,
SSL_set0_verify_cert_store, SSL_set1_verify_cert_store,
-SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate
+SSL_set0_chain_cert_store, SSL_set1_chain_cert_store,
+SSL_CTX_get0_verify_cert_store, SSL_CTX_get0_chain_cert_store,
+SSL_get0_verify_cert_store, SSL_get0_chain_cert_store - set certificate
verification or chain store
=head1 SYNOPSIS
int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st);
int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st);
+ int SSL_CTX_get0_verify_cert_store(SSL_CTX *ctx, X509_STORE **st);
+ int SSL_CTX_get0_chain_cert_store(SSL_CTX *ctx, X509_STORE **st);
int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st);
int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st);
+ int SSL_get0_verify_cert_store(SSL *ctx, X509_STORE **st);
+ int SSL_get0_chain_cert_store(SSL *ctx, X509_STORE **st);
=head1 DESCRIPTION
SSL_set0_chain_cert_store() and SSL_set1_chain_cert_store() are similar
except they apply to SSL structure B<ssl>.
+SSL_CTX_get0_verify_chain_store(), SSL_get0_verify_chain_store(),
+SSL_CTX_get0_chain_cert_store() and SSL_get0_chain_cert_store() retrieve the
+objects previously set via the above calls. A pointer to the object (or NULL if
+no such object has been set) is written to B<*st>.
+
All these functions are implemented as macros. Those containing a B<1>
increment the reference count of the supplied store so it must
be freed at some point after the operation. Those containing a B<0> do
any client certificate chain.
The chain store is used to build the certificate chain.
+Details of the chain building and checking process are described in
+L<openssl-verification-options(1)/Certification Path Building> and
+L<openssl-verification-options(1)/Certification Path Validation>.
If the mode B<SSL_MODE_NO_AUTO_CHAIN> is set or a certificate chain is
configured already (for example using the functions such as
=head1 SEE ALSO
+L<ssl(7)>,
L<SSL_CTX_add_extra_chain_cert(3)>
L<SSL_CTX_set0_chain(3)>
L<SSL_CTX_set1_chain(3)>
=head1 HISTORY
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
=head1 COPYRIGHT
-Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.