@ -122,14 +122,14 @@ X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn
|
|
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_verify_cb() sets the verification callback of B<ctx> to
|
|
|
|
|
B<verify_cb> overwriting the previous callback.
|
|
|
|
|
X509_STORE_set_verify_cb() sets the verification callback of I<ctx> to
|
|
|
|
|
I<verify_cb> overwriting the previous callback.
|
|
|
|
|
The callback assigned with this function becomes a default for the one
|
|
|
|
|
that can be assigned directly to the corresponding B<X509_STORE_CTX>,
|
|
|
|
|
please see L<X509_STORE_CTX_set_verify_cb(3)> for further information.
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_verify() sets the final chain verification function for
|
|
|
|
|
B<ctx> to B<verify>.
|
|
|
|
|
I<ctx> to I<verify>.
|
|
|
|
|
Its purpose is to go through the chain of certificates and check that
|
|
|
|
|
all signatures are valid and that the current time is within the
|
|
|
|
|
limits of each certificate's first and last validity time.
|
|
|
|
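Review bot: the X509_STORE_set_verify() paragraph in this hunk says what I<verify> is for (checking signatures and validity times across the chain) but the visible lines never say what it must return, although the sibling entries further down all carry "This function must return 0 on failure and 1 on success." Since this function decides the final chain result, add the return convention while these lines are being touched. The B<ctx> to I<ctx> change leaves B<X509_STORE_CTX> bold in the unchanged context; if the rule is bold for type names and italics for arguments, that is consistent, but it is worth stating in the commit message.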
@ -145,17 +145,17 @@ or at least the most recently expired match if there is no currently valid one.
|
|
|
|
|
If the function returns 1 the caller is responsible for freeing I<*issuer>.
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_get_issuer() sets the function I<get_issuer>
|
|
|
|
|
to get the "best" candidate issuer certificate of the given certificate B<x>.
|
|
|
|
|
to get the "best" candidate issuer certificate of the given certificate I<x>.
|
|
|
|
|
When such a certificate is found, I<get_issuer> must up-ref and assign it
|
|
|
|
|
to B<*issuer> and then return 1.
|
|
|
|
|
to I<*issuer> and then return 1.
|
|
|
|
|
Otherwise I<get_issuer> must return 0 if not found and -1 (or 0) on failure.
|
|
|
|
|
If X509_STORE_set_get_issuer() is not used or I<get_issuer> is NULL
|
|
|
|
|
then X509_STORE_CTX_get1_issuer() is used as the default implementation.
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_check_issued() sets the function to check that a given
|
|
|
|
|
certificate B<x> is issued by the issuer certificate B<issuer>.
|
|
|
|
|
This function must return 0 on failure (among others if B<x> hasn't
|
|
|
|
|
been issued with B<issuer>) and 1 on success.
|
|
|
|
|
certificate I<x> is issued by the issuer certificate I<issuer>.
|
|
|
|
|
This function must return 0 on failure (among others if I<x> hasn't
|
|
|
|
|
been issued with I<issuer>) and 1 on success.
|
|
|
|
|
I<If no function to get the issuer is provided, the internal default
|
|
|
|
|
function will be used instead.>
|
|
|
|
|
|
|
|
|
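Review bot: in the X509_STORE_set_get_issuer() paragraph, "must return 0 if not found and -1 (or 0) on failure" allows an implementation to return 0 for both outcomes, so a caller cannot tell a lookup error from a genuinely missing issuer. Either require a negative value on failure or say explicitly that callers treat 0 as "no issuer available" in both cases. Separately, the italic sentence closing the X509_STORE_set_check_issued() entry reads "If no function to get the issuer is provided", which describes the previous setter, not the check function; it should be reworded while this block is being edited.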
@ -168,20 +168,20 @@ I<If no function to get the issuer is provided, the internal default
|
|
|
|
|
function will be used instead.>
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_get_crl() sets the function to get the crl for a given
|
|
|
|
|
certificate B<x>.
|
|
|
|
|
When found, the crl must be assigned to B<*crl>.
|
|
|
|
|
certificate I<x>.
|
|
|
|
|
When found, the crl must be assigned to I<*crl>.
|
|
|
|
|
This function must return 0 on failure and 1 on success.
|
|
|
|
|
I<If no function to get the issuer is provided, the internal default
|
|
|
|
|
function will be used instead.>
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_check_crl() sets the function to check the validity of
|
|
|
|
|
the given B<crl>.
|
|
|
|
|
the given I<crl>.
|
|
|
|
|
This function must return 0 on failure and 1 on success.
|
|
|
|
|
I<If no function to get the issuer is provided, the internal default
|
|
|
|
|
function will be used instead.>
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_cert_crl() sets the function to check the revocation
|
|
|
|
|
status of the given certificate B<x> against the given B<crl>.
|
|
|
|
|
status of the given certificate I<x> against the given I<crl>.
|
|
|
|
|
This function must return 0 on failure and 1 on success.
|
|
|
|
|
I<If no function to get the issuer is provided, the internal default
|
|
|
|
|
function will be used instead.>
|
|
|
|
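Review bot: the sentence "If no function to get the issuer is provided, the internal default function will be used instead." is repeated unchanged under X509_STORE_set_get_crl(), X509_STORE_set_check_crl() and X509_STORE_set_cert_crl(), where it is a copy-paste leftover; each entry should name its own function (get the CRL, check the CRL, check revocation status). Also, "When found, the crl must be assigned to I<*crl>" does not say who owns the reference, whereas the get_issuer entry says the callback must up-ref and the caller frees; spell out the same contract here so callback authors do not hand back a borrowed pointer. Minor: "crl" is lower case here but "CRLs" in the lookup entry below.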
@ -194,7 +194,7 @@ function will be used instead.>
|
|
|
|
|
|
|
|
|
|
X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
|
|
|
|
|
functions to look up all the certs or all the CRLs that match the
|
|
|
|
|
given name B<nm>.
|
|
|
|
|
given name I<nm>.
|
|
|
|
|
These functions return NULL on failure and a pointer to a stack of
|
|
|
|
|
certificates (B<X509>) or to a stack of CRLs (B<X509_CRL>) on
|
|
|
|
|
success.
|
|
|
|
|
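Review bot: the X509_STORE_set_lookup_certs() / X509_STORE_set_lookup_crls() text says the functions "return NULL on failure and a pointer to a stack ... on success" but not what is returned when nothing matches I<nm>, nor who frees the returned stack and its elements. Document both, since a callback author who returns NULL for "no match" makes that case indistinguishable from an error, and an unclear ownership rule invites either a leak or a double free. The B<nm> to I<nm> change is fine; B<X509> and B<X509_CRL> stay bold as type names.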