5 X509_STORE_set_lookup_crls_cb,
6 X509_STORE_set_verify_func,
7 X509_STORE_get_cleanup,
8 X509_STORE_set_cleanup,
9 X509_STORE_get_lookup_crls,
10 X509_STORE_set_lookup_crls,
11 X509_STORE_get_lookup_certs,
12 X509_STORE_set_lookup_certs,
13 X509_STORE_get_check_policy,
14 X509_STORE_set_check_policy,
15 X509_STORE_get_cert_crl,
16 X509_STORE_set_cert_crl,
17 X509_STORE_get_check_crl,
18 X509_STORE_set_check_crl,
19 X509_STORE_get_get_crl,
20 X509_STORE_set_get_crl,
21 X509_STORE_get_check_revocation,
22 X509_STORE_set_check_revocation,
23 X509_STORE_get_check_issued,
24 X509_STORE_set_check_issued,
25 X509_STORE_get_get_issuer,
26 X509_STORE_set_get_issuer,
27 X509_STORE_CTX_get_verify,
28 X509_STORE_set_verify,
29 X509_STORE_get_verify_cb,
30 X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
31 X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
32 X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
33 X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
34 X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
35 X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
36 - set verification callback
40 #include <openssl/x509_vfy.h>
42 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
43 X509_STORE_CTX *ctx, X509 *x);
44 typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
45 X509 *x, X509 *issuer);
46 typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
47 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
48 X509_CRL **crl, X509 *x);
49 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
50 typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
51 X509_CRL *crl, X509 *x);
52 typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
53 typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
55 typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const
58 typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
60 void X509_STORE_set_verify_cb(X509_STORE *ctx,
61 X509_STORE_CTX_verify_cb verify_cb);
62 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
64 void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
65 X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
67 void X509_STORE_set_get_issuer(X509_STORE *ctx,
68 X509_STORE_CTX_get_issuer_fn get_issuer);
69 X509_STORE_CTX_get_issuer_fn
70 X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
72 void X509_STORE_set_check_issued(X509_STORE *ctx,
73 X509_STORE_CTX_check_issued_fn check_issued);
74 X509_STORE_CTX_check_issued_fn
75 X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
77 void X509_STORE_set_check_revocation(X509_STORE *ctx,
78 X509_STORE_CTX_check_revocation_fn check_revocation);
79 X509_STORE_CTX_check_revocation_fn
80 X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
82 void X509_STORE_set_get_crl(X509_STORE *ctx,
83 X509_STORE_CTX_get_crl_fn get_crl);
84 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
86 void X509_STORE_set_check_crl(X509_STORE *ctx,
87 X509_STORE_CTX_check_crl_fn check_crl);
88 X509_STORE_CTX_check_crl_fn
89 X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
91 void X509_STORE_set_cert_crl(X509_STORE *ctx,
92 X509_STORE_CTX_cert_crl_fn cert_crl);
93 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
95 void X509_STORE_set_check_policy(X509_STORE *ctx,
96 X509_STORE_CTX_check_policy_fn check_policy);
97 X509_STORE_CTX_check_policy_fn
98 X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
100 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
101 X509_STORE_CTX_lookup_certs_fn lookup_certs);
102 X509_STORE_CTX_lookup_certs_fn
103 X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
105 void X509_STORE_set_lookup_crls(X509_STORE *ctx,
106 X509_STORE_CTX_lookup_crls_fn lookup_crls);
107 X509_STORE_CTX_lookup_crls_fn
108 X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
110 void X509_STORE_set_cleanup(X509_STORE *ctx,
111 X509_STORE_CTX_cleanup_fn cleanup);
112 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
115 void X509_STORE_set_verify_cb_func(X509_STORE *st,
116 X509_STORE_CTX_verify_cb verify_cb);
117 void X509_STORE_set_verify_func(X509_STORE *ctx,
118 X509_STORE_CTX_verify_fn verify);
119 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
120 X509_STORE_CTX_lookup_crls_fn lookup_crls);
124 X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
125 B<verify_cb> overwriting the previous callback.
126 The callback assigned with this function becomes a default for the one
127 that can be assigned directly to the corresponding B<X509_STORE_CTX>;
128 see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
130 X509_STORE_set_verify() sets the final chain verification function for
132 Its purpose is to go through the chain of certificates and check that
133 all signatures are valid and that the current time is within the
134 limits of each certificate's first and last validity time.
135 The final chain verification functions must return 0 on failure and 1
137 I<If no chain verification function is provided, the internal default
138 function will be used instead.>
140 X509_STORE_set_get_issuer() sets the function to get the issuer
141 certificate that verifies the given certificate B<x>.
142 When found, the issuer certificate must be assigned to B<*issuer>.
143 This function must return 0 on failure and 1 on success.
144 I<If no function to get the issuer is provided, the internal default
145 function will be used instead.>
147 X509_STORE_set_check_issued() sets the function to check that a given
148 certificate B<x> is issued with the issuer certificate B<issuer>.
149 This function must return 0 on failure (among other reasons, if B<x> hasn't
150 been issued with B<issuer>) and 1 on success.
151 I<If no function to check the issuer is provided, the internal default
152 function will be used instead.>
154 X509_STORE_set_check_revocation() sets the revocation checking
156 Its purpose is to look through the final chain and check the
157 revocation status for each certificate.
158 It must return 0 on failure and 1 on success.
159 I<If no revocation checking function is provided, the internal default
160 function will be used instead.>
162 X509_STORE_set_get_crl() sets the function to get the crl for a given
164 When found, the crl must be assigned to B<*crl>.
165 This function must return 0 on failure and 1 on success.
166 I<If no function to get the crl is provided, the internal default
167 function will be used instead.>
169 X509_STORE_set_check_crl() sets the function to check the validity of
171 This function must return 0 on failure and 1 on success.
172 I<If no function to check the crl is provided, the internal default
173 function will be used instead.>
175 X509_STORE_set_cert_crl() sets the function to check the revocation
176 status of the given certificate B<x> against the given B<crl>.
177 This function must return 0 on failure and 1 on success.
178 I<If no function to check the revocation status is provided, the internal default
179 function will be used instead.>
181 X509_STORE_set_check_policy() sets the function to check the policies
182 of all the certificates in the final chain.
183 This function must return 0 on failure and 1 on success.
184 I<If no function to check the policies is provided, the internal default
185 function will be used instead.>
187 X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
188 functions to look up all the certs or all the CRLs that match the
190 These functions return NULL on failure and a pointer to a stack of
191 certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
193 I<If no function to look up the certs or the CRLs is provided, the internal default
194 function will be used instead.>
196 X509_STORE_set_cleanup() sets the final cleanup function, which is
197 called when the context (B<X509_STORE_CTX>) is being torn down.
198 This function doesn't return any value.
199 I<If no cleanup function is provided, the internal default
200 function will be used instead.>
202 X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
203 X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
204 X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
205 X509_STORE_get_check_crl(), X509_STORE_get_cert_crl(),
206 X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
207 X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
208 the function pointer assigned with X509_STORE_set_verify_cb(),
209 X509_STORE_set_verify(), X509_STORE_set_get_issuer(),
210 X509_STORE_set_check_issued(), X509_STORE_set_check_revocation(),
211 X509_STORE_set_get_crl(), X509_STORE_set_check_crl(),
212 X509_STORE_set_cert_crl(), X509_STORE_set_check_policy(),
213 X509_STORE_set_lookup_certs(), X509_STORE_set_lookup_crls() and
214 X509_STORE_set_cleanup() respectively, or NULL if no assignment has been made.
216 X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
217 X509_STORE_set_lookup_crls_cb() are aliases for
218 X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
219 X509_STORE_set_lookup_crls(), available as macros for backward
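224 All the callbacks from a B<X509_STORE> are inherited by the
225 corresponding B<X509_STORE_CTX> structure when it is initialized.
226 A function set on the store therefore takes the place of the internal default for that step in every verification that uses the store, so it must perform the check itself and report failure with the return value described above. See L<X509_STORE_CTX_set_verify_cb(3)> for further details.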
230 The macro version of this function was the only one available before
235 The X509_STORE_set_*() functions do not return a value.
237 The X509_STORE_get_*() functions return a pointer of the appropriate
242 L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
243 L<X509_STORE_CTX_verify_cb(3)>, L<X509_STORE_CTX_verify_fn(3)>,
248 The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.
251 X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
252 X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
253 X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
254 X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
255 X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
256 X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
257 X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
258 X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
259 X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
260 X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
261 X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
262 X509_STORE_set_cleanup() and X509_STORE_get_cleanup()
263 were added in OpenSSL 1.1.0.
267 Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
269 Licensed under the Apache License 2.0 (the "License"). You may not use
270 this file except in compliance with the License. You can obtain a copy
271 in the file LICENSE in the source distribution or at
272 L<https://www.openssl.org/source/license.html>.