[dragonfly.git] / secure / lib / libcrypto / man / X509_STORE_CTX_new.3

.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
.    de IX
.    tm Index:\\$1\t\\n%\t"\\$2"
..
.    nr % 0
.    rr F
.\}
.el \{\
.    de IX
..
.\}
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "X509_STORE_CTX_new 3"
.TH X509_STORE_CTX_new 3 "2012-01-04" "1.0.0f" "OpenSSL"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/x509_vfy.h>
\&
\& X509_STORE_CTX *X509_STORE_CTX_new(void);
\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
\&
\& int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
\&                         X509 *x509, STACK_OF(X509) *chain);
\&
\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
\&
\& void   X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx,X509 *x);
\& void   X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx,STACK_OF(X509) *sk);
\& void   X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk);
\&
\& X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
\& void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
\& int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
by \fIX509_verify_cert()\fR.
.PP
\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
.PP
\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.
.PP
\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
is no longer valid.
.PP
\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
The trusted certificate store is set to \fBstore\fR, the end entity certificate
to be verified is set to \fBx509\fR and a set of additional certificates (which
will be untrusted but may be used to build the chain) in \fBchain\fR. Any or
all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR.
.PP
\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR
to \fBsk\fR. This is an alternative way of specifying trusted certificates 
instead of using an \fBX509_STORE\fR.
.PP
\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to
\&\fBx\fR.
.PP
\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR
to \fBsk\fR.
.PP
\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
used where additional \*(L"useful\*(R" CRLs are supplied as part of a protocol,
for example in a PKCS#7 structure.
.PP
X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer
to the verification parameters associated with \fBctx\fR.
.PP
\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer
to \fBparam\fR. After this call \fBparam\fR should not be used.
.PP
\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
find an appropriate set of parameters from \fBname\fR.
.SH "NOTES"
.IX Header "NOTES"
The certificates and CRLs in a store are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
applications might implicitly use an \fBX509_STORE_CTX\fR like this:
.PP
.Vb 2
\&  X509_STORE_CTX ctx;
\&  X509_STORE_CTX_init(&ctx, store, cert, chain);
.Ve
.PP
this is \fBnot\fR recommended in new applications they should instead do:
.PP
.Vb 5
\&  X509_STORE_CTX *ctx;
\&  ctx = X509_STORE_CTX_new();
\&  if (ctx == NULL)
\&        /* Bad error */
\&  X509_STORE_CTX_init(ctx, store, cert, chain);
.Ve
.SH "BUGS"
.IX Header "BUGS"
The certificates and CRLs in a context are used internally and should \fBnot\fR
be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
should be made or reference counts increased instead.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
error occurred.
.PP
\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
.PP
\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
structure or \fB\s-1NULL\s0\fR if an error occurred.
.PP
\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR,
\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR,
\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
values.
.PP
\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fIX509_verify_cert\fR\|(3)
\&\fIX509_VERIFY_PARAM_set_flags\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0
Commit	Line	Data
e3261593	1	.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
01185282 PA	2	.\"
	3	.\" Standard preamble:
	4	.\" ========================================================================
	5	.de Sp \" Vertical space (when we can't use .PP)
	6	.if t .sp .5v
	7	.if n .sp
	8	..
	9	.de Vb \" Begin verbatim text
	10	.ft CW
	11	.nf
	12	.ne \\$1
	13	..
	14	.de Ve \" End verbatim text
	15	.ft R
	16	.fi
	17	..
	18	.\" Set up some character translations and predefined strings. \*(-- will
	19	.\" give an unbreakable dash, \(PI will give pi, \(L" will give a left
	20	.\" double quote, and \(R" will give a right double quote. \(C+ will
	21	.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
	22	.\" therefore won't be available. \(C` and \(C' expand to `' in nroff,
	23	.\" nothing in troff, for use with C<>.
	24	.tr \(*W-
	25	.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
	26	.ie n \{\
	27	. ds -- \(*W-
	28	. ds PI pi
	29	. if (\n(.H=4u)&(1m=24u) .ds -- \(W\h'-12u'\(W\h'-12u'-\" diablo 10 pitch
	30	. if (\n(.H=4u)&(1m=20u) .ds -- \(W\h'-12u'\(W\h'-8u'-\" diablo 12 pitch
	31	. ds L" ""
	32	. ds R" ""
	33	. ds C` ""
	34	. ds C' ""
	35	'br\}
	36	.el\{\
	37	. ds -- \\|\(em\\|
	38	. ds PI \(*p
	39	. ds L" ``
	40	. ds R" ''
	41	'br\}
	42	.\"
	43	.\" Escape single quotes in literal strings from groff's Unicode transform.
	44	.ie \n(.g .ds Aq \(aq
	45	.el .ds Aq '
	46	.\"
	47	.\" If the F register is turned on, we'll generate index entries on stderr for
	48	.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
	49	.\" entries marked with X<> in POD. Of course, you'll have to process the
	50	.\" output yourself in some meaningful fashion.
	51	.ie \nF \{\
	52	. de IX
	53	. tm Index:\\$1\t\\n%\t"\\$2"
	54	..
	55	. nr % 0
	56	. rr F
	57	.\}
	58	.el \{\
	59	. de IX
	60	..
	61	.\}
	62	.\"
	63	.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
	64	.\" Fear. Run. Save yourself. No user-serviceable parts.
	65	. \" fudge factors for nroff and troff
66	.if n \{\
67	. ds #H 0
68	. ds #V .8m
69	. ds #F .3m
70	. ds #[ \f1
71	. ds #] \fP
72	.\}
73	.if t \{\
74	. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75	. ds #V .6m
76	. ds #F 0
77	. ds #[ \&
78	. ds #] \&
79	.\}
80	. \" simple accents for nroff and troff
81	.if n \{\
82	. ds ' \&
83	. ds ` \&
84	. ds ^ \&
85	. ds , \&
86	. ds ~ ~
87	. ds /
88	.\}
89	.if t \{\
90	. ds ' \\k:\h'-(\\n(.wu8/10-\(#H)'\'\h"\|\\n:u"
91	. ds ` \\k:\h'-(\\n(.wu8/10-\(#H)'\`\h'\|\\n:u'
92	. ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'^\h'\|\\n:u'
93	. ds , \\k:\h'-(\\n(.wu*8/10)',\h'\|\\n:u'
94	. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'\|\\n:u'
95	. ds / \\k:\h'-(\\n(.wu8/10-\(#H)'\z\(sl\h'\|\\n:u'
96	.\}
97	. \" troff and (daisy-wheel) nroff accents
98	.ds : \\k:\h'-(\\n(.wu8/10-\(#H+.1m+\(#F)'\v'-\(#V'\z.\h'.2m+\(#F'.\h'\|\\n:u'\v'\(#V'
99	.ds 8 \h'\(#H'\(b\h'-\*(#H'
100	.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\(#H)/2u'\v'-.3n'\(#[\z\(de\v'.3n'\h'\|\\n:u'\*(#]
101	.ds d- \h'\(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\(#H'
102	.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'\|\\n:u'
103	.ds th \(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u2/3)'\s-1o\s+1\*(#]
104	.ds Th \(#[\s+2I\s-2\h'-\w'I'u3/5'\v'-.3m'o\v'.3m'\*(#]
105	.ds ae a\h'-(\w'a'u*4/10)'e
106	.ds Ae A\h'-(\w'A'u*4/10)'E
107	. \" corrections for vroff
108	.if v .ds ~ \\k:\h'-(\\n(.wu9/10-\(#H)'\s-2\u~\d\s+2\h'\|\\n:u'
109	.if v .ds ^ \\k:\h'-(\\n(.wu10/11-\(#H)'\v'-.4m'^\v'.4m'\h'\|\\n:u'
110	. \" for low resolution devices (crt and lpr)
111	.if \n(.H>23 .if \n(.V>19 \
112	\{\
113	. ds : e
114	. ds 8 ss
115	. ds o a
116	. ds d- d\h'-1'\(ga
117	. ds D- D\h'-1'\(hy
118	. ds th \o'bp'
119	. ds Th \o'LP'
120	. ds ae ae
121	. ds Ae AE
122	.\}
123	.rm #[ #] #H #V #F C
124	.\" ========================================================================
125	.\"
126	.IX Title "X509_STORE_CTX_new 3"
e3261593	127	.TH X509_STORE_CTX_new 3 "2012-01-04" "1.0.0f" "OpenSSL"
01185282 PA	128	.\" For nroff, turn off justification. Always turn off hyphenation; it makes
	129	.\" way too many mistakes in technical documents.
	130	.if n .ad l
	131	.nh
	132	.SH "NAME"
	133	X509_STORE_CTX_new, X509_STORE_CTX_cleanup, X509_STORE_CTX_free, X509_STORE_CTX_init, X509_STORE_CTX_trusted_stack, X509_STORE_CTX_set_cert, X509_STORE_CTX_set_chain, X509_STORE_CTX_set0_crls, X509_STORE_CTX_get0_param, X509_STORE_CTX_set0_param, X509_STORE_CTX_set_default \- X509_STORE_CTX initialisation
	134	.SH "SYNOPSIS"
	135	.IX Header "SYNOPSIS"
	136	.Vb 1
	137	\& #include <openssl/x509_vfy.h>
	138	\&
	139	\& X509_STORE_CTX *X509_STORE_CTX_new(void);
	140	\& void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
	141	\& void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
	142	\&
	143	\& int X509_STORE_CTX_init(X509_STORE_CTX ctx, X509_STORE store,
	144	\& X509 x509, STACK_OF(X509) chain);
	145	\&
	146	\& void X509_STORE_CTX_trusted_stack(X509_STORE_CTX ctx, STACK_OF(X509) sk);
	147	\&
	148	\& void X509_STORE_CTX_set_cert(X509_STORE_CTX ctx,X509 x);
	149	\& void X509_STORE_CTX_set_chain(X509_STORE_CTX ctx,STACK_OF(X509) sk);
	150	\& void X509_STORE_CTX_set0_crls(X509_STORE_CTX ctx, STACK_OF(X509_CRL) sk);
	151	\&
	152	\& X509_VERIFY_PARAM X509_STORE_CTX_get0_param(X509_STORE_CTX ctx);
	153	\& void X509_STORE_CTX_set0_param(X509_STORE_CTX ctx, X509_VERIFY_PARAM param);
	154	\& int X509_STORE_CTX_set_default(X509_STORE_CTX ctx, const char name);
	155	.Ve
	156	.SH "DESCRIPTION"
	157	.IX Header "DESCRIPTION"
	158	These functions initialise an \fBX509_STORE_CTX\fR structure for subsequent use
	159	by \fIX509_verify_cert()\fR.
	160	.PP
	161	\&\fIX509_STORE_CTX_new()\fR returns a newly initialised \fBX509_STORE_CTX\fR structure.
	162	.PP
	163	\&\fIX509_STORE_CTX_cleanup()\fR internally cleans up an \fBX509_STORE_CTX\fR structure.
	164	The context can then be reused with an new call to \fIX509_STORE_CTX_init()\fR.
	165	.PP
	166	\&\fIX509_STORE_CTX_free()\fR completely frees up \fBctx\fR. After this call \fBctx\fR
	167	is no longer valid.
	168	.PP
	169	\&\fIX509_STORE_CTX_init()\fR sets up \fBctx\fR for a subsequent verification operation.
	170	The trusted certificate store is set to \fBstore\fR, the end entity certificate
	171	to be verified is set to \fBx509\fR and a set of additional certificates (which
	172	will be untrusted but may be used to build the chain) in \fBchain\fR. Any or
	173	all of the \fBstore\fR, \fBx509\fR and \fBchain\fR parameters can be \fB\s-1NULL\s0\fR.
	174	.PP
	175	\&\fIX509_STORE_CTX_trusted_stack()\fR sets the set of trusted certificates of \fBctx\fR
	176	to \fBsk\fR. This is an alternative way of specifying trusted certificates
	177	instead of using an \fBX509_STORE\fR.
	178	.PP
	179	\&\fIX509_STORE_CTX_set_cert()\fR sets the certificate to be vertified in \fBctx\fR to
	180	\&\fBx\fR.
	181	.PP
	182	\&\fIX509_STORE_CTX_set_chain()\fR sets the additional certificate chain used by \fBctx\fR
	183	to \fBsk\fR.
	184	.PP
	185	\&\fIX509_STORE_CTX_set0_crls()\fR sets a set of CRLs to use to aid certificate
	186	verification to \fBsk\fR. These CRLs will only be used if \s-1CRL\s0 verification is
	187	enabled in the associated \fBX509_VERIFY_PARAM\fR structure. This might be
	188	used where additional \(L"useful\(R" CRLs are supplied as part of a protocol,
	189	for example in a PKCS#7 structure.
	190	.PP
	191	X509_VERIFY_PARAM *\fIX509_STORE_CTX_get0_param()\fR retrieves an intenal pointer
192	to the verification parameters associated with \fBctx\fR.
193	.PP
194	\&\fIX509_STORE_CTX_set0_param()\fR sets the intenal verification parameter pointer
195	to \fBparam\fR. After this call \fBparam\fR should not be used.
196	.PP
197	\&\fIX509_STORE_CTX_set_default()\fR looks up and sets the default verification
198	method to \fBname\fR. This uses the function \fIX509_VERIFY_PARAM_lookup()\fR to
199	find an appropriate set of parameters from \fBname\fR.
200	.SH "NOTES"
201	.IX Header "NOTES"
202	The certificates and CRLs in a store are used internally and should \fBnot\fR
203	be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Legacy
204	applications might implicitly use an \fBX509_STORE_CTX\fR like this:
205	.PP
206	.Vb 2
207	\& X509_STORE_CTX ctx;
208	\& X509_STORE_CTX_init(&ctx, store, cert, chain);
209	.Ve
210	.PP
211	this is \fBnot\fR recommended in new applications they should instead do:
212	.PP
213	.Vb 5
214	\& X509_STORE_CTX *ctx;
215	\& ctx = X509_STORE_CTX_new();
216	\& if (ctx == NULL)
217	\& /* Bad error */
218	\& X509_STORE_CTX_init(ctx, store, cert, chain);
219	.Ve
220	.SH "BUGS"
221	.IX Header "BUGS"
222	The certificates and CRLs in a context are used internally and should \fBnot\fR
223	be freed up until after the associated \fBX509_STORE_CTX\fR is freed. Copies
224	should be made or reference counts increased instead.
225	.SH "RETURN VALUES"
226	.IX Header "RETURN VALUES"
227	\&\fIX509_STORE_CTX_new()\fR returns an newly allocates context or \fB\s-1NULL\s0\fR is an
228	error occurred.
229	.PP
230	\&\fIX509_STORE_CTX_init()\fR returns 1 for success or 0 if an error occurred.
231	.PP
232	\&\fIX509_STORE_CTX_get0_param()\fR returns a pointer to an \fBX509_VERIFY_PARAM\fR
233	structure or \fB\s-1NULL\s0\fR if an error occurred.
234	.PP
235	\&\fIX509_STORE_CTX_cleanup()\fR, \fIX509_STORE_CTX_free()\fR, \fIX509_STORE_CTX_trusted_stack()\fR,
236	\&\fIX509_STORE_CTX_set_cert()\fR, \fIX509_STORE_CTX_set_chain()\fR,
237	\&\fIX509_STORE_CTX_set0_crls()\fR and \fIX509_STORE_CTX_set0_param()\fR do not return
238	values.
239	.PP
240	\&\fIX509_STORE_CTX_set_default()\fR returns 1 for success or 0 if an error occurred.
241	.SH "SEE ALSO"
242	.IX Header "SEE ALSO"
243	\&\fIX509_verify_cert\fR\\|(3)
244	\&\fIX509_VERIFY_PARAM_set_flags\fR\\|(3)
245	.SH "HISTORY"
246	.IX Header "HISTORY"
247	\&\fIX509_STORE_CTX_set0_crls()\fR was first added to OpenSSL 1.0.0