xref: /openbsd-src/lib/libcrypto/man/X509_STORE_set1_param.3 (revision 68dd5bb1859285b71cb62a10bf107b8ad54064d9)

.\" $OpenBSD: X509_STORE_set1_param.3,v 1.20 2023/11/16 20:27:43 schwarze Exp $
.\" content checked up to:
.\" OpenSSL man3/X509_STORE_add_cert b0edda11 Mar 20 13:00:17 2018 +0000
.\" OpenSSL man3/X509_STORE_get0_param e90fc053 Jul 15 09:39:45 2017 -0400
.\"
.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: November 16 2023 $
.Dt X509_STORE_SET1_PARAM 3
.Os
.Sh NAME
.Nm X509_STORE_set1_param ,
.Nm X509_STORE_set_flags ,
.Nm X509_STORE_set_purpose ,
.Nm X509_STORE_set_trust ,
.Nm X509_STORE_set_depth ,
.Nm X509_STORE_add_cert ,
.Nm X509_STORE_add_crl ,
.Nm X509_STORE_get0_param ,
.Nm X509_STORE_get0_objects ,
.Nm X509_STORE_get_ex_new_index ,
.Nm X509_STORE_set_ex_data ,
.Nm X509_STORE_get_ex_data
.Nd get and set X509_STORE data
.Sh SYNOPSIS
.In openssl/x509_vfy.h
.Ft int
.Fo X509_STORE_set1_param
.Fa "X509_STORE *store"
.Fa "X509_VERIFY_PARAM *pm"
.Fc
.Ft int
.Fo X509_STORE_set_flags
.Fa "X509_STORE *store"
.Fa "unsigned long flags"
.Fc
.Ft int
.Fo X509_STORE_set_purpose
.Fa "X509_STORE *store"
.Fa "int purpose"
.Fc
.Ft int
.Fo X509_STORE_set_trust
.Fa "X509_STORE *store"
.Fa "int trust"
.Fc
.Ft int
.Fo X509_STORE_set_depth
.Fa "X509_STORE *store"
.Fa "int depth"
.Fc
.Ft int
.Fo X509_STORE_add_cert
.Fa "X509_STORE *store"
.Fa "X509 *x"
.Fc
.Ft int
.Fo X509_STORE_add_crl
.Fa "X509_STORE *store"
.Fa "X509_CRL *crl"
.Fc
.Ft X509_VERIFY_PARAM *
.Fo X509_STORE_get0_param
.Fa "X509_STORE *store"
.Fc
.Ft STACK_OF(X509_OBJECT) *
.Fo X509_STORE_get0_objects
.Fa "X509_STORE *store"
.Fc
.Ft int
.Fo X509_STORE_get_ex_new_index
.Fa "long argl"
.Fa "void *argp"
.Fa "CRYPTO_EX_new *new_func"
.Fa "CRYPTO_EX_dup *dup_func"
.Fa "CRYPTO_EX_free *free_func"
.Fc
.Ft int
.Fo X509_STORE_set_ex_data
.Fa "X509_STORE *store"
.Fa "int idx"
.Fa "void *arg"
.Fc
.Ft void *
.Fo X509_STORE_get_ex_data
.Fa "X509_STORE *store"
.Fa "int idx"
.Fc
.Sh DESCRIPTION
.Fn X509_STORE_set1_param
copies the verification parameters from
.Fa pm
using
.Xr X509_VERIFY_PARAM_set1 3
into the verification parameter object contained in the
.Fa store .
.Pp
.Fn X509_VERIFY_PARAM_set_flags ,
.Fn X509_STORE_set_purpose ,
.Fn X509_STORE_set_trust ,
and
.Fn X509_STORE_set_depth
call
.Fn X509_VERIFY_PARAM_set_flags ,
.Fn X509_VERIFY_PARAM_set_purpose ,
.Fn X509_VERIFY_PARAM_set_trust ,
and
.Fn X509_VERIFY_PARAM_set_depth
on the verification parameter object contained in the
.Fa store .
.Pp
.Fn X509_STORE_add_cert
and
.Fn X509_STORE_add_crl
add the certificate
.Fa x
or the certificate revocation list
.Fa crl
to the
.Fa store ,
increasing its reference count by 1 in case of success.
Untrusted objects should not be added in this way.
.Pp
.Fn X509_STORE_get_ex_new_index ,
.Fn X509_STORE_set_ex_data ,
and
.Fn X509_STORE_get_ex_data
handle application specific data in
.Vt X509_STORE
objects.
Their usage is identical to that of
.Xr RSA_get_ex_new_index 3 ,
.Xr RSA_set_ex_data 3 ,
and
.Xr RSA_get_ex_data 3 .
.Fn X509_STORE_get_ex_new_index
is implemented as a macro.
.Sh RETURN VALUES
.Fn X509_STORE_set1_param ,
.Fn X509_STORE_set_purpose ,
.Fn X509_STORE_set_trust ,
and
.Fn X509_STORE_set_ex_data
return 1 for success or 0 for failure.
.Pp
.Fn X509_STORE_set_flags
and
.Fn X509_STORE_set_depth
always return 1, indicating success.
.Pp
.Fn X509_STORE_add_cert
and
.Fn X509_STORE_add_crl
return 1 for success or 0 for failure.
For example, they fail if
.Fa x
or
.Fa crl
is a
.Dv NULL
pointer, if a certificate with the same subject name as
.Fa x
or a revocation list with the same issuer name as
.Fa crl
are already contained in the
.Fa store ,
or if memory allocation fails.
.Pp
.Fn X509_STORE_get0_param
returns an internal pointer to the verification parameter object
contained in the
.Fa store ,
.Fn X509_STORE_get0_objects
to the stack of certificates, revocation lists, and private keys.
The returned pointers must not be freed by the calling application.
.Pp
.Fn X509_STORE_get_ex_new_index
returns a new index or \-1 on failure.
.Pp
.Fn X509_STORE_get_ex_data
returns the application data or
.Dv NULL
on failure.
.Sh SEE ALSO
.Xr RSA_get_ex_new_index 3 ,
.Xr SSL_set1_param 3 ,
.Xr X509_LOOKUP_new 3 ,
.Xr X509_OBJECT_get0_X509 3 ,
.Xr X509_STORE_CTX_set0_param 3 ,
.Xr X509_STORE_load_locations 3 ,
.Xr X509_STORE_new 3 ,
.Xr X509_VERIFY_PARAM_new 3 ,
.Xr X509_VERIFY_PARAM_set_flags 3
.Sh HISTORY
.Fn X509_STORE_add_cert
first appeared in SSLeay 0.8.0.
.Fn X509_STORE_add_crl
first appeared in SSLeay 0.9.0.
These functions have been available since
.Ox 2.4 .
.Pp
.Fn X509_STORE_set_flags ,
.Fn X509_STORE_set_purpose ,
and
.Fn X509_STORE_set_trust
first appeared in OpenSSL 0.9.7 and have been available since
.Ox 3.2 .
.Pp
.Fn X509_STORE_set1_param
and
.Fn X509_STORE_set_depth
first appeared in OpenSSL 0.9.8 and have been available since
.Ox 4.5 .
.Pp
.Fn X509_STORE_get0_param ,
.Fn X509_STORE_get0_objects ,
.Fn X509_STORE_get_ex_new_index ,
.Fn X509_STORE_set_ex_data ,
and
.Fn X509_STORE_get_ex_data
first appeared in OpenSSL 1.1.0 and have been available since
.Ox 6.3 .