Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libcrypto / man / X509_STORE_CTX_new.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
01185282
PA
2.\"
3.\" Standard preamble:
4.\" ========================================================================
5.de Sp \" Vertical space (when we can't use .PP)
6.if t .sp .5v
7.if n .sp
8..
9.de Vb \" Begin verbatim text
10.ft CW
11.nf
12.ne \\$1
13..
14.de Ve \" End verbatim text
15.ft R
16.fi
17..
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
26.ie n \{\
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
35'br\}
36.el\{\
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
41'br\}
42.\"
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
47.\" If the F register is turned on, we'll generate index entries on stderr for
48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
51.ie \nF \{\
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
54..
55. nr % 0
56. rr F
57.\}
58.el \{\
59. de IX
60..
61.\}
62.\"
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
66.if n \{\
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
72.\}
73.if t \{\
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
79.\}
80. \" simple accents for nroff and troff
81.if n \{\
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
88.\}
89.if t \{\
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
96.\}
97. \" troff and (daisy-wheel) nroff accents
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
107. \" corrections for vroff
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
110. \" for low resolution devices (crt and lpr)
111.if \n(.H>23 .if \n(.V>19 \
112\{\
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
122.\}
123.rm #[ #] #H #V #F C
124.\" ========================================================================
125.\"
126.IX Title "X509_STORE_CTX_new 3"
e3261593 127.TH X509_STORE_CTX_new 3 "2012-01-04" "1.0.0f" "OpenSSL"
01185282
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
132.SH "NAME"
133X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation
134.SH "SYNOPSIS"
135.IX Header "SYNOPSIS"
136.Vb 1
137\& #include <openssl/x509_vfy.h>
138\&
139\& X509_STORE_CTX *X509_STORE_CTX_new(void);
140\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
141\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
142\&
143\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
144\& X509 *x509, STACK_OF(X509) *chain);
145\&
146\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
147\&
148\& void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
149\& void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
150\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
151\&
152\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
153\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
154\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
155.Ve
156.SH "DESCRIPTION"
157.IX Header "DESCRIPTION"
158These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
159by \fIX509_verify_cert()\fR.
160.PP
161\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
162.PP
163\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
164The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.
165.PP
166\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
167is no longer valid.
168.PP
169\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
170The trusted certificate store is set to \fBstore\fR, the end entity certificate
171to be verified is set to \fBx509\fR and a set of additional certificates (which
172will be untrusted but may be used to build the chain) in \fBchain\fR. Any or
173all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR.
174.PP
175\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR
176to \fBsk\fR. This is an alternative way of specifying trusted certificates
177instead of using an \fBX509_STORE\fR.
178.PP
179\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to
180\&\fBx\fR.
181.PP
182\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR
183to \fBsk\fR.
184.PP
185\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
186verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
187enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
188used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
189for example in a PKCS#7 structure.
190.PP
191X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer
192to the verification parameters associated with \fBctx\fR.
193.PP
194\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer
195to \fBparam\fR. After this call \fBparam\fR should not be used.
196.PP
197\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
198method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
199find an appropriate set of parameters from \fBname\fR.
200.SH "NOTES"
201.IX Header "NOTES"
202The certificates and CRLs in a store are used internally and should \fBnot\fR
203be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
204applications might implicitly use an \fBX509_STORE_CTX\fR like this:
205.PP
206.Vb 2
207\& X509_STORE_CTX ctx;
208\& X509_STORE_CTX_init(&ctx, store, cert, chain);
209.Ve
210.PP
211this is \fBnot\fR recommended in new applications they should instead do:
212.PP
213.Vb 5
214\& X509_STORE_CTX *ctx;
215\& ctx = X509_STORE_CTX_new();
216\& if (ctx == NULL)
217\& /* Bad error */
218\& X509_STORE_CTX_init(ctx, store, cert, chain);
219.Ve
220.SH "BUGS"
221.IX Header "BUGS"
222The certificates and CRLs in a context are used internally and should \fBnot\fR
223be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
224should be made or reference counts increased instead.
225.SH "RETURN VALUES"
226.IX Header "RETURN VALUES"
227\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
228error occurred.
229.PP
230\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
231.PP
232\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
233structure or \fB\s-1NULL\s0\fR if an error occurred.
234.PP
235\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR,
236\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR,
237\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
238values.
239.PP
240\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
241.SH "SEE ALSO"
242.IX Header "SEE ALSO"
243\&\fIX509_verify_cert\fR\|(3)
244\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
245.SH "HISTORY"
246.IX Header "HISTORY"
247\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0