diff options
author | Matt Caswell <matt@openssl.org> | 2016-04-29 17:44:46 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2016-04-29 23:13:58 +0100 |
commit | 7cafbb4bd373f024c4900dcaa71aaf626c2ddbae (patch) | |
tree | 8d72c244a980735821ba52c0fde37a88d58abe3c /doc | |
parent | 77076dc944f76e821e4eae3a6563b853ce00c0ed (diff) | |
download | openssl-7cafbb4bd373f024c4900dcaa71aaf626c2ddbae.tar.gz |
Fix some X509_STORE macros
Some X509_STORE macros do not work since the type was made opaque.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/crypto/X509_STORE_CTX_new.pod | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/doc/crypto/X509_STORE_CTX_new.pod b/doc/crypto/X509_STORE_CTX_new.pod index 17517b3e16..1ec99f1d6e 100644 --- a/doc/crypto/X509_STORE_CTX_new.pod +++ b/doc/crypto/X509_STORE_CTX_new.pod @@ -47,6 +47,7 @@ X509_STORE_CTX_get_verify - X509_STORE_CTX initialisation X509_STORE_CTX_verify X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx, X509_STORE_CTX_verify verify); + void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify verify); =head1 DESCRIPTION @@ -115,6 +116,23 @@ find an appropriate set of parameters from B<name>. X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates that were used in building the chain following a call to X509_verify_cert(). +X509_STORE_CTX_set_verify() provides the capability for overriding the default +verify function. This function is responsible for verifying chain signatures and +expiration times. X509_STORE_CTX_get_verify() obtains the current verify +function being used. + +X509_STORE_set_verify() works in the same way as for X509_STORE_CTX_set_verify() +but sets the default verify function to be used by all X509_STORE_CTX objects +created for this X509_STORE. + +A verify function is defined as an X509_STORE_CTX_verify type which has the +following signature: + + int (*verify)(X509_STORE_CTX *); + +This function should receive the current X509_STORE_CTX as a parameter and +return 1 on success or 0 on failure. + =head1 NOTES The certificates and CRLs in a store are used internally and should B<not> @@ -147,6 +165,9 @@ X509_STORE_CTX_set_default() returns 1 for success or 0 if an error occurred. X509_STORE_CTX_get_num_untrusted() returns the number of untrusted certificates used. +X509_STORE_CTX_get_verify() returns the current verify function in use for this +X509_STORE_CTX. + =head1 SEE ALSO L<X509_verify_cert(3)> @@ -156,5 +177,8 @@ L<X509_VERIFY_PARAM_set_flags(3)> X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0 +X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously +available as a macro X509_STORE_set_verify_func(). This macro still exists but +simply calls this function. =cut |