SSL_CTX_set1_verify_cert_store(3) OpenSSL SSL_CTX_set1_verify_cert_store(3) NNAAMMEE SSL_CTX_set0_verify_cert_store, SSL_CTX_set1_verify_cert_store, SSL_CTX_set0_chain_cert_store, SSL_CTX_set1_chain_cert_store, SSL_set0_verify_cert_store, SSL_set1_verify_cert_store, SSL_set0_chain_cert_store, SSL_set1_chain_cert_store - set certificate verification or chain store SSYYNNOOPPSSIISS #include int SSL_CTX_set0_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set1_verify_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set0_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_CTX_set1_chain_cert_store(SSL_CTX *ctx, X509_STORE *st); int SSL_set0_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_verify_cert_store(SSL *ctx, X509_STORE *st); int SSL_set0_chain_cert_store(SSL *ctx, X509_STORE *st); int SSL_set1_chain_cert_store(SSL *ctx, X509_STORE *st); DDEESSCCRRIIPPTTIIOONN _S_S_L___C_T_X___s_e_t_0___v_e_r_i_f_y___c_e_r_t___s_t_o_r_e_(_) and _S_S_L___C_T_X___s_e_t_1___v_e_r_i_f_y___c_e_r_t___s_t_o_r_e_(_) set the certificate store used for certificate verification to sstt. _S_S_L___C_T_X___s_e_t_0___c_h_a_i_n___c_e_r_t___s_t_o_r_e_(_) and _S_S_L___C_T_X___s_e_t_1___c_h_a_i_n___c_e_r_t___s_t_o_r_e_(_) set the certificate store used for certificate chain building to sstt. _S_S_L___s_e_t_0___v_e_r_i_f_y___c_e_r_t___s_t_o_r_e_(_), _S_S_L___s_e_t_1___v_e_r_i_f_y___c_e_r_t___s_t_o_r_e_(_), _S_S_L___s_e_t_0___c_h_a_i_n___c_e_r_t___s_t_o_r_e_(_) and _S_S_L___s_e_t_1___c_h_a_i_n___c_e_r_t___s_t_o_r_e_(_) are similar except they apply to SSL structure ssssll. All these functions are implemented as macros. Those containing a 11 increment the reference count of the supplied store so it must be freed at some point after the operation. Those containing a 00 do not incre- ment reference counts and the supplied store MMUUSSTT NNOOTT be freed after the operation. NNOOTTEESS The stores pointers associated with an SSL_CTX structure are copied to any SSL structures when _S_S_L___n_e_w_(_) is called. As a result SSL structures will not be affected if the parent SSL_CTX store pointer is set to a new value. The verification store is used to verify the certificate chain sent by the peer: that is an SSL/TLS client will use the verification store to verify the server's certificate chain and a SSL/TLS server will use it to verify any client certificate chain. The chain store is used to build the certificate chain. If the mode SSSSLL__MMOODDEE__NNOO__AAUUTTOO__CCHHAAIINN is set or a certificate chain is configured already (for example using the functions such as _S_S_L___C_T_X___a_d_d_1___c_h_a_i_n___c_e_r_t(3) or _S_S_L___C_T_X___a_d_d___e_x_t_r_a___c_h_a_i_n___c_e_r_t(3)) then automatic chain building is disabled. If the mode SSSSLL__MMOODDEE__NNOO__AAUUTTOO__CCHHAAIINN is set then automatic chain building is disabled. If the chain or the verification store is not set then the store asso- ciated with the parent SSL_CTX is used instead to retain compatibility with previous versions of OpenSSL. RREETTUURRNN VVAALLUUEESS All these functions return 1 for success and 0 for failure. SSEEEE AALLSSOO _S_S_L___C_T_X___a_d_d___e_x_t_r_a___c_h_a_i_n___c_e_r_t(3) _S_S_L___C_T_X___s_e_t_0___c_h_a_i_n(3) _S_S_L___C_T_X___s_e_t_1___c_h_a_i_n(3) _S_S_L___C_T_X___a_d_d_0___c_h_a_i_n___c_e_r_t(3) _S_S_L___C_T_X___a_d_d_1___c_h_a_i_n___c_e_r_t(3) _S_S_L___s_e_t_0___c_h_a_i_n(3) _S_S_L___s_e_t_1___c_h_a_i_n(3) _S_S_L___a_d_d_0___c_h_a_i_n___c_e_r_t(3) _S_S_L___a_d_d_1___c_h_a_i_n___c_e_r_t(3) _S_S_L___C_T_X___b_u_i_l_d___c_e_r_t___c_h_a_i_n(3) _S_S_L___b_u_i_l_d___c_e_r_t___c_h_a_i_n(3) HHIISSTTOORRYY These functions were first added to OpenSSL 1.0.2. 1.0.2u 2019-12-20 SSL_CTX_set1_verify_cert_store(3)