1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryTS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs 6*b077aed3SPierre Pronchery- set certificates for TS response verification 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/ts.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx, 13*b077aed3SPierre Pronchery STACK_OF(X509) *certs); 14*b077aed3SPierre Pronchery STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, 15*b077aed3SPierre Pronchery STACK_OF(X509) *certs); 16*b077aed3SPierre Pronchery 17*b077aed3SPierre Pronchery=head1 DESCRIPTION 18*b077aed3SPierre Pronchery 19*b077aed3SPierre ProncheryThe Time-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to 20*b077aed3SPierre Proncheryprovide long term proof of the existence of a certain datum before a particular 21*b077aed3SPierre Proncherytime. TSP defines a Time Stamping Authority (TSA) and an entity who shall make 22*b077aed3SPierre Proncheryrequests to the TSA. Usually the TSA is denoted as the server side and the 23*b077aed3SPierre Proncheryrequesting entity is denoted as the client. 24*b077aed3SPierre Pronchery 25*b077aed3SPierre ProncheryIn TSP, when a server is sending a response to a client, the server normally 26*b077aed3SPierre Proncheryneeds to sign the response data - the TimeStampToken (TST) - with its private 27*b077aed3SPierre Proncherykey. Then the client shall verify the received TST by the server's certificate 28*b077aed3SPierre Proncherychain. 29*b077aed3SPierre Pronchery 30*b077aed3SPierre ProncheryTS_VERIFY_CTX_set_certs() is used to set the server's certificate chain when 31*b077aed3SPierre Proncheryverifying a TST. B<ctx> is the verification context created in advance and 32*b077aed3SPierre ProncheryB<certs> is a stack of B<X509> certificates. 33*b077aed3SPierre Pronchery 34*b077aed3SPierre ProncheryTS_VERIFY_CTS_set_certs() is a misspelled version of TS_VERIFY_CTX_set_certs() 35*b077aed3SPierre Proncherywhich takes the same parameters and returns the same result. 36*b077aed3SPierre Pronchery 37*b077aed3SPierre Pronchery=head1 RETURN VALUES 38*b077aed3SPierre Pronchery 39*b077aed3SPierre ProncheryTS_VERIFY_CTX_set_certs() returns the stack of B<X509> certificates the user 40*b077aed3SPierre Proncherypasses in via parameter B<certs>. 41*b077aed3SPierre Pronchery 42*b077aed3SPierre Pronchery=head1 SEE ALSO 43*b077aed3SPierre Pronchery 44*b077aed3SPierre ProncheryL<OSSL_ESS_check_signing_certs(3)> 45*b077aed3SPierre Pronchery 46*b077aed3SPierre Pronchery=head1 HISTORY 47*b077aed3SPierre Pronchery 48*b077aed3SPierre ProncheryThe spelling of TS_VERIFY_CTX_set_certs() was corrected in OpenSSL 3.0.0. 49*b077aed3SPierre ProncheryThe misspelled version TS_VERIFY_CTS_set_certs() has been retained for 50*b077aed3SPierre Proncherycompatibility reasons, but it is deprecated in OpenSSL 3.0.0. 51*b077aed3SPierre Pronchery 52*b077aed3SPierre Pronchery=head1 COPYRIGHT 53*b077aed3SPierre Pronchery 54*b077aed3SPierre ProncheryCopyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. 55*b077aed3SPierre Pronchery 56*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 57*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 58*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 59*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 60*b077aed3SPierre Pronchery 61*b077aed3SPierre Pronchery=cut 62