SSLCTXsetcertstore(3) OpenSSL SSLCTXsetcertstore(3)

NAME
       SSLCTXsetcertstore, SSLCTXgetcertstore - manipulate X509
       certificate verification storage

SYNOPSIS
        #include 

        void SSLCTXsetcertstore(SSLCTX *ctx, X509STORE *store);
        X509STORE *SSLCTXgetcertstore(const SSLCTX *ctx);

DESCRIPTION
       SSLCTXsetcertstore() sets/replaces the certificate verification
       storage of ccttxx to/with ssttoorree. If another X509STORE object is currently
       set in ccttxx, it will be X509STOREfree()ed.

       SSLCTXgetcertstore() returns a pointer to the current certificate
       verification storage.

NNOOTTEESS
       In order to verify the certificates presented by the peer, trusted CA
       certificates must be accessed. These CA certificates are made available
       via lookup methods, handled inside the X509STORE. From the X509STORE
       the X509STORECTX used when verifying certificates is created.

       Typically the trusted certificate store is handled indirectly via using
       SSLCTXloadverifylocations(3).  Using the SSLCTXsetcertstore()
       and SSLCTXgetcertstore() functions it is possible to manipulate the
       X509STORE object beyond the SSLCTXloadverifylocations(3) call.

       Currently no detailed documentation on how to use the X509STORE object
       is available. Not all members of the X509STORE are used when the
       verification takes place. So will e.g. the verifycallback() be
       overridden with the verifycallback() set via the SSLCTXsetverify(3)
       family of functions.  This document must therefore be updated when
       documentation about the X509STORE object and its handling becomes
       available.

RETURN VALUES
       SSLCTXsetcertstore() does not return diagnostic output.

       SSLCTXgetcertstore() returns the current setting.

SEE ALSO
       ssl(3), SSLCTXloadverifylocations(3), SSLCTXsetverify(3)



0.9.7l                            2005-03-30         SSLCTXsetcertstore(3)