5 X509_STORE_set_lookup_crls_cb,
6 X509_STORE_set_verify_func,
7 X509_STORE_get_cleanup,
8 X509_STORE_set_cleanup,
9 X509_STORE_get_lookup_crls,
10 X509_STORE_set_lookup_crls,
11 X509_STORE_get_lookup_certs,
12 X509_STORE_set_lookup_certs,
13 X509_STORE_get_check_policy,
14 X509_STORE_set_check_policy,
15 X509_STORE_get_cert_crl,
16 X509_STORE_set_cert_crl,
17 X509_STORE_get_check_crl,
18 X509_STORE_set_check_crl,
19 X509_STORE_get_get_crl,
20 X509_STORE_set_get_crl,
21 X509_STORE_get_check_revocation,
22 X509_STORE_set_check_revocation,
23 X509_STORE_get_check_issued,
24 X509_STORE_set_check_issued,
25 X509_STORE_get_get_issuer,
26 X509_STORE_set_get_issuer,
27 X509_STORE_CTX_get_verify,
28 X509_STORE_set_verify,
29 X509_STORE_get_verify_cb,
30 X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
31 X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
32 X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
33 X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
34 X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
35 X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
36 - set verification callback
40 #include <openssl/x509_vfy.h>
42 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
43 X509_STORE_CTX *ctx, X509 *x);
44 typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
45 X509 *x, X509 *issuer);
46 typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
47 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
48 X509_CRL **crl, X509 *x);
49 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
50 typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
51 X509_CRL *crl, X509 *x);
52 typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
53 typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
55 typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const
58 typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
60 void X509_STORE_set_verify_cb(X509_STORE *ctx,
61 X509_STORE_CTX_verify_cb verify_cb);
62 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
64 void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
65 X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
67 void X509_STORE_set_get_issuer(X509_STORE *ctx,
68 X509_STORE_CTX_get_issuer_fn get_issuer);
69 X509_STORE_CTX_get_issuer_fn
70 X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
72 void X509_STORE_set_check_issued(X509_STORE *ctx,
73 X509_STORE_CTX_check_issued_fn check_issued);
74 X509_STORE_CTX_check_issued_fn
75 X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
77 void X509_STORE_set_check_revocation(X509_STORE *ctx,
78 X509_STORE_CTX_check_revocation_fn check_revocation);
79 X509_STORE_CTX_check_revocation_fn
80 X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
82 void X509_STORE_set_get_crl(X509_STORE *ctx,
83 X509_STORE_CTX_get_crl_fn get_crl);
84 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
86 void X509_STORE_set_check_crl(X509_STORE *ctx,
87 X509_STORE_CTX_check_crl_fn check_crl);
88 X509_STORE_CTX_check_crl_fn
89 X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
91 void X509_STORE_set_cert_crl(X509_STORE *ctx,
92 X509_STORE_CTX_cert_crl_fn cert_crl);
93 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
95 void X509_STORE_set_check_policy(X509_STORE *ctx,
96 X509_STORE_CTX_check_policy_fn check_policy);
97 X509_STORE_CTX_check_policy_fn
98 X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
100 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
101 X509_STORE_CTX_lookup_certs_fn lookup_certs);
102 X509_STORE_CTX_lookup_certs_fn
103 X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
105 void X509_STORE_set_lookup_crls(X509_STORE *ctx,
106 X509_STORE_CTX_lookup_crls_fn lookup_crls);
107 X509_STORE_CTX_lookup_crls_fn
108 X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
110 void X509_STORE_set_cleanup(X509_STORE *ctx,
111 X509_STORE_CTX_cleanup_fn cleanup);
112 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
115 void X509_STORE_set_verify_cb_func(X509_STORE *st,
116 X509_STORE_CTX_verify_cb verify_cb);
117 void X509_STORE_set_verify_func(X509_STORE *ctx,
118 X509_STORE_CTX_verify_fn verify);
119 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
120 X509_STORE_CTX_lookup_crls_fn lookup_crls);
124 X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
125 B<verify_cb> overwriting the previous callback.
126 The callback assigned with this function becomes a default for the one
127 that can be assigned directly to the corresponding B<X509_STORE_CTX>,
128 please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
130 X509_STORE_set_verify() sets the final chain verification function for
132 Its purpose is to go through the chain of certificates and check that
133 all signatures are valid and that the current time is within the
134 limits of each certificate's first and last validity time.
135 The final chain verification functions must return 0 on failure and 1
137 I<If no chain verification function is provided, the internal default
138 function will be used instead.>
140 X509_STORE_set_get_issuer() sets the function to get the issuer
141 certificate that verifies the given certificate B<x>.
142 When found, the issuer certificate must be assigned to B<*issuer>.
143 This function must return 0 on failure and 1 on success.
144 I<If no function to get the issuer is provided, the internal default
145 function will be used instead.>
147 X509_STORE_set_check_issued() sets the function to check that a given
148 certificate B<x> is issued by the issuer certificate B<issuer> and
149 the issuer is not yet in the chain contained in <ctx>, where the exceptional
150 case that B<x> is self-issued and ctx->chain has just one element is allowed.
151 This function must return 0 on failure (among others if B<x> hasn't
152 been issued with B<issuer>) and 1 on success.
153 I<If no function to get the issuer is provided, the internal default
154 function will be used instead.>
156 X509_STORE_set_check_revocation() sets the revocation checking
158 Its purpose is to look through the final chain and check the
159 revocation status for each certificate.
160 It must return 0 on failure and 1 on success.
161 I<If no function to get the issuer is provided, the internal default
162 function will be used instead.>
164 X509_STORE_set_get_crl() sets the function to get the crl for a given
166 When found, the crl must be assigned to B<*crl>.
167 This function must return 0 on failure and 1 on success.
168 I<If no function to get the issuer is provided, the internal default
169 function will be used instead.>
171 X509_STORE_set_check_crl() sets the function to check the validity of
173 This function must return 0 on failure and 1 on success.
174 I<If no function to get the issuer is provided, the internal default
175 function will be used instead.>
177 X509_STORE_set_cert_crl() sets the function to check the revocation
178 status of the given certificate B<x> against the given B<crl>.
179 This function must return 0 on failure and 1 on success.
180 I<If no function to get the issuer is provided, the internal default
181 function will be used instead.>
183 X509_STORE_set_check_policy() sets the function to check the policies
184 of all the certificates in the final chain..
185 This function must return 0 on failure and 1 on success.
186 I<If no function to get the issuer is provided, the internal default
187 function will be used instead.>
189 X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
190 functions to look up all the certs or all the CRLs that match the
192 These functions return NULL on failure and a pointer to a stack of
193 certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
195 I<If no function to get the issuer is provided, the internal default
196 function will be used instead.>
198 X509_STORE_set_cleanup() sets the final cleanup function, which is
199 called when the context (B<X509_STORE_CTX>) is being torn down.
200 This function doesn't return any value.
201 I<If no function to get the issuer is provided, the internal default
202 function will be used instead.>
204 X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
205 X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
206 X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
207 X509_STORE_get_check_crl(), X509_STORE_set_verify(),
208 X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
209 X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
210 X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
211 the function pointer assigned with X509_STORE_set_check_issued(),
212 X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
213 X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
214 X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
215 X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
216 no assignment has been made.
218 X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
219 X509_STORE_set_lookup_crls_cb() are aliases for
220 X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
221 X509_STORE_set_lookup_crls, available as macros for backward
226 All the callbacks from a B<X509_STORE> are inherited by the
227 corresponding B<X509_STORE_CTX> structure when it is initialized.
228 See L<X509_STORE_CTX_set_verify_cb(3)> for further details.
232 The macro version of this function was the only one available before
237 The X509_STORE_set_*() functions do not return a value.
239 The X509_STORE_get_*() functions return a pointer of the appropriate
244 L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
245 L<X509_STORE_CTX_verify_cb(3)>, L<X509_STORE_CTX_verify_fn(3)>,
250 The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.
253 X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
254 X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
255 X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
256 X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
257 X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
258 X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
259 X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
260 X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
261 X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
262 X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
263 X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
264 X509_STORE_set_cleanup() and X509_STORE_get_cleanup()
265 were added in OpenSSL 1.1.0.
269 Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
271 Licensed under the Apache License 2.0 (the "License"). You may not use
272 this file except in compliance with the License. You can obtain a copy
273 in the file LICENSE in the source distribution or at
274 L<https://www.openssl.org/source/license.html>.