5 X509_STORE_set_lookup_crls_cb,
6 X509_STORE_set_verify_func,
7 X509_STORE_get_cleanup,
8 X509_STORE_set_cleanup,
9 X509_STORE_get_lookup_crls,
10 X509_STORE_set_lookup_crls,
11 X509_STORE_get_lookup_certs,
12 X509_STORE_set_lookup_certs,
13 X509_STORE_get_check_policy,
14 X509_STORE_set_check_policy,
15 X509_STORE_get_cert_crl,
16 X509_STORE_set_cert_crl,
17 X509_STORE_get_check_crl,
18 X509_STORE_set_check_crl,
19 X509_STORE_get_get_crl,
20 X509_STORE_set_get_crl,
21 X509_STORE_get_check_revocation,
22 X509_STORE_set_check_revocation,
23 X509_STORE_get_check_issued,
24 X509_STORE_set_check_issued,
25 X509_STORE_get_get_issuer,
26 X509_STORE_set_get_issuer,
27 X509_STORE_CTX_get_verify,
28 X509_STORE_set_verify,
29 X509_STORE_get_verify_cb,
30 X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
31 X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
32 X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
33 X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
34 X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
35 X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
36 - set verification callback
40 #include <openssl/x509_vfy.h>
42 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
43 X509_STORE_CTX *ctx, X509 *x);
44 typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
45 X509 *x, X509 *issuer);
46 typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
47 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
48 X509_CRL **crl, X509 *x);
49 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
50 typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
51 X509_CRL *crl, X509 *x);
52 typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
53 typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
55 typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
57 typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
59 void X509_STORE_set_verify_cb(X509_STORE *ctx,
60 X509_STORE_CTX_verify_cb verify_cb);
61 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE_CTX *ctx);
63 void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
64 X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
66 void X509_STORE_set_get_issuer(X509_STORE *ctx,
67 X509_STORE_CTX_get_issuer_fn get_issuer);
68 X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE_CTX *ctx);
70 void X509_STORE_set_check_issued(X509_STORE *ctx,
71 X509_STORE_CTX_check_issued_fn check_issued);
72 X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE_CTX *ctx);
74 void X509_STORE_set_check_revocation(X509_STORE *ctx,
75 X509_STORE_CTX_check_revocation_fn check_revocation);
76 X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE_CTX *ctx);
78 void X509_STORE_set_get_crl(X509_STORE *ctx,
79 X509_STORE_CTX_get_crl_fn get_crl);
80 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE_CTX *ctx);
82 void X509_STORE_set_check_crl(X509_STORE *ctx,
83 X509_STORE_CTX_check_crl_fn check_crl);
84 X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE_CTX *ctx);
86 void X509_STORE_set_cert_crl(X509_STORE *ctx,
87 X509_STORE_CTX_cert_crl_fn cert_crl);
88 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE_CTX *ctx);
90 void X509_STORE_set_check_policy(X509_STORE *ctx,
91 X509_STORE_CTX_check_policy_fn check_policy);
92 X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE_CTX *ctx);
94 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
95 X509_STORE_CTX_lookup_certs_fn lookup_certs);
96 X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE_CTX *ctx);
98 void X509_STORE_set_lookup_crls(X509_STORE *ctx,
99 X509_STORE_CTX_lookup_crls_fn lookup_crls);
100 X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE_CTX *ctx);
102 void X509_STORE_set_cleanup(X509_STORE *ctx,
103 X509_STORE_CTX_cleanup_fn cleanup);
104 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE_CTX *ctx);
107 void X509_STORE_set_verify_cb_func(X509_STORE *st,
108 X509_STORE_CTX_verify_cb verify_cb);
109 void X509_STORE_set_verify_func(X509_STORE *ctx,
110 X509_STORE_CTX_verify_fn verify);
111 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
112 X509_STORE_CTX_lookup_crls_fn lookup_crls);
116 X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
117 B<verify_cb> overwriting the previous callback.
118 The callback assigned with this function becomes a default for the one
119 that can be assigned directly to the corresponding B<X509_STORE_CTX>,
120 please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
122 X509_STORE_set_verify() sets the final chain verification function for
124 Its purpose is to go through the chain of certificates and check that
125 all signatures are valid and that the current time is within the
126 limits of each certificate's first and last validity time.
127 The final chain verification functions must return 0 on failure and 1
129 I<If no chain verification function is provided, the internal default
130 function will be used instead.>
132 X509_STORE_set_get_issuer() sets the function to get the issuer
133 certificate that verifies the given certificate B<x>.
134 When found, the issuer certificate must be assigned to B<*issuer>.
135 This function must return 0 on failure and 1 on success.
136 I<If no function to get the issuer is provided, the internal default
137 function will be used instead.>
139 X509_STORE_set_check_issued() sets the function to check that a given
140 certificate B<x> is issued by the issuer certificate B<issuer> and
141 the issuer is not yet in the chain contained in <ctx>, where the exceptional
142 case that B<x> is self-issued and ctx->chain has just one element is allowed.
143 This function must return 0 on failure (among others if B<x> hasn't
144 been issued with B<issuer>) and 1 on success.
145 I<If no function to get the issuer is provided, the internal default
146 function will be used instead.>
148 X509_STORE_set_check_revocation() sets the revocation checking
150 Its purpose is to look through the final chain and check the
151 revocation status for each certificate.
152 It must return 0 on failure and 1 on success.
153 I<If no function to get the issuer is provided, the internal default
154 function will be used instead.>
156 X509_STORE_set_get_crl() sets the function to get the crl for a given
158 When found, the crl must be assigned to B<*crl>.
159 This function must return 0 on failure and 1 on success.
160 I<If no function to get the issuer is provided, the internal default
161 function will be used instead.>
163 X509_STORE_set_check_crl() sets the function to check the validity of
165 This function must return 0 on failure and 1 on success.
166 I<If no function to get the issuer is provided, the internal default
167 function will be used instead.>
169 X509_STORE_set_cert_crl() sets the function to check the revocation
170 status of the given certificate B<x> against the given B<crl>.
171 This function must return 0 on failure and 1 on success.
172 I<If no function to get the issuer is provided, the internal default
173 function will be used instead.>
175 X509_STORE_set_check_policy() sets the function to check the policies
176 of all the certificates in the final chain..
177 This function must return 0 on failure and 1 on success.
178 I<If no function to get the issuer is provided, the internal default
179 function will be used instead.>
181 X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
182 functions to look up all the certs or all the CRLs that match the
184 These functions return NULL on failure and a pointer to a stack of
185 certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
187 I<If no function to get the issuer is provided, the internal default
188 function will be used instead.>
190 X509_STORE_set_cleanup() sets the final cleanup function, which is
191 called when the context (B<X509_STORE_CTX>) is being torn down.
192 This function doesn't return any value.
193 I<If no function to get the issuer is provided, the internal default
194 function will be used instead.>
196 X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
197 X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
198 X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
199 X509_STORE_get_check_crl(), X509_STORE_set_verify(),
200 X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
201 X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
202 X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
203 the function pointer assigned with X509_STORE_set_check_issued(),
204 X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
205 X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
206 X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
207 X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
208 no assignment has been made.
210 X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
211 X509_STORE_set_lookup_crls_cb() are aliases for
212 X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
213 X509_STORE_set_lookup_crls, available as macros for backward
218 All the callbacks from a B<X509_STORE> are inherited by the
219 corresponding B<X509_STORE_CTX> structure when it is initialized.
220 See L<X509_STORE_CTX_set_verify_cb(3)> for further details.
224 The macro version of this function was the only one available before
229 The X509_STORE_set_*() functions do not return a value.
231 The X509_STORE_get_*() functions return a pointer of the appropriate
236 L<X509_STORE_CTX_set_verify_cb(3)>, L<X509_STORE_CTX_get0_chain(3)>,
237 L<X509_STORE_CTX_verify_cb(3)>, L<X509_STORE_CTX_verify_fn(3)>,
242 The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.
245 X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
246 X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
247 X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
248 X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
249 X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
250 X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
251 X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
252 X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
253 X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
254 X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
255 X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
256 X509_STORE_set_cleanup() and X509_STORE_get_cleanup()
257 were added in OpenSSL 1.1.0.
261 Copyright 2009-2020 The OpenSSL Project Authors. All Rights Reserved.
263 Licensed under the OpenSSL license (the "License"). You may not use
264 this file except in compliance with the License. You can obtain a copy
265 in the file LICENSE in the source distribution or at
266 L<https://www.openssl.org/source/license.html>.