1X509_STORE_SET_VERIFY_CB_FUNC(3ossl)OpenSSLX509_STORE_SET_VERIFY_CB_FUNC(3ossl)
2
3
4
6 X509_STORE_set_lookup_crls_cb, X509_STORE_set_verify_func,
7 X509_STORE_get_cleanup, X509_STORE_set_cleanup,
8 X509_STORE_get_lookup_crls, X509_STORE_set_lookup_crls,
9 X509_STORE_get_lookup_certs, X509_STORE_set_lookup_certs,
10 X509_STORE_get_check_policy, X509_STORE_set_check_policy,
11 X509_STORE_get_cert_crl, X509_STORE_set_cert_crl,
12 X509_STORE_get_check_crl, X509_STORE_set_check_crl,
13 X509_STORE_get_get_crl, X509_STORE_set_get_crl,
14 X509_STORE_get_check_revocation, X509_STORE_set_check_revocation,
15 X509_STORE_get_check_issued, X509_STORE_set_check_issued,
16 X509_STORE_CTX_get1_issuer, X509_STORE_get_get_issuer,
17 X509_STORE_set_get_issuer, X509_STORE_CTX_get_verify,
18 X509_STORE_set_verify, X509_STORE_get_verify_cb,
19 X509_STORE_set_verify_cb_func, X509_STORE_set_verify_cb,
20 X509_STORE_CTX_cert_crl_fn, X509_STORE_CTX_check_crl_fn,
21 X509_STORE_CTX_check_issued_fn, X509_STORE_CTX_check_policy_fn,
22 X509_STORE_CTX_check_revocation_fn, X509_STORE_CTX_cleanup_fn,
23 X509_STORE_CTX_get_crl_fn, X509_STORE_CTX_get_issuer_fn,
24 X509_STORE_CTX_lookup_certs_fn, X509_STORE_CTX_lookup_crls_fn - set
25 verification callback
26
28 #include <openssl/x509_vfy.h>
29
30 typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
31 X509_STORE_CTX *ctx, X509 *x);
32 typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
33 X509 *x, X509 *issuer);
34 typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
35 typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
36 X509_CRL **crl, X509 *x);
37 typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
38 typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
39 X509_CRL *crl, X509 *x);
40 typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
41 typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
42 const X509_NAME *nm);
43 typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(const
44 X509_STORE_CTX *ctx,
45 const X509_NAME *nm);
46 typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
47
48 void X509_STORE_set_verify_cb(X509_STORE *ctx,
49 X509_STORE_CTX_verify_cb verify_cb);
50 X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(const X509_STORE_CTX *ctx);
51
52 void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
53 X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(const X509_STORE_CTX *ctx);
54
55 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
56 X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(const X509_STORE_CTX *ctx);
57 void X509_STORE_set_get_issuer(X509_STORE *ctx,
58 X509_STORE_CTX_get_issuer_fn get_issuer);
59
60 void X509_STORE_set_check_issued(X509_STORE *ctx,
61 X509_STORE_CTX_check_issued_fn check_issued);
62 X509_STORE_CTX_check_issued_fn
63 X509_STORE_get_check_issued(const X509_STORE_CTX *ctx);
64
65 void X509_STORE_set_check_revocation(X509_STORE *ctx,
66 X509_STORE_CTX_check_revocation_fn check_revocation);
67 X509_STORE_CTX_check_revocation_fn
68 X509_STORE_get_check_revocation(const X509_STORE_CTX *ctx);
69
70 void X509_STORE_set_get_crl(X509_STORE *ctx,
71 X509_STORE_CTX_get_crl_fn get_crl);
72 X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(const X509_STORE_CTX *ctx);
73
74 void X509_STORE_set_check_crl(X509_STORE *ctx,
75 X509_STORE_CTX_check_crl_fn check_crl);
76 X509_STORE_CTX_check_crl_fn
77 X509_STORE_get_check_crl(const X509_STORE_CTX *ctx);
78
79 void X509_STORE_set_cert_crl(X509_STORE *ctx,
80 X509_STORE_CTX_cert_crl_fn cert_crl);
81 X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(const X509_STORE_CTX *ctx);
82
83 void X509_STORE_set_check_policy(X509_STORE *ctx,
84 X509_STORE_CTX_check_policy_fn check_policy);
85 X509_STORE_CTX_check_policy_fn
86 X509_STORE_get_check_policy(const X509_STORE_CTX *ctx);
87
88 void X509_STORE_set_lookup_certs(X509_STORE *ctx,
89 X509_STORE_CTX_lookup_certs_fn lookup_certs);
90 X509_STORE_CTX_lookup_certs_fn
91 X509_STORE_get_lookup_certs(const X509_STORE_CTX *ctx);
92
93 void X509_STORE_set_lookup_crls(X509_STORE *ctx,
94 X509_STORE_CTX_lookup_crls_fn lookup_crls);
95 X509_STORE_CTX_lookup_crls_fn
96 X509_STORE_get_lookup_crls(const X509_STORE_CTX *ctx);
97
98 void X509_STORE_set_cleanup(X509_STORE *ctx,
99 X509_STORE_CTX_cleanup_fn cleanup);
100 X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(const X509_STORE_CTX *ctx);
101
102 /* Aliases */
103 void X509_STORE_set_verify_cb_func(X509_STORE *st,
104 X509_STORE_CTX_verify_cb verify_cb);
105 void X509_STORE_set_verify_func(X509_STORE *ctx,
106 X509_STORE_CTX_verify_fn verify);
107 void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
108 X509_STORE_CTX_lookup_crls_fn lookup_crls);
109
111 X509_STORE_set_verify_cb() sets the verification callback of ctx to
112 verify_cb, overwriting the previous callback. The callback assigned
113 with this function becomes the default for every X509_STORE_CTX
114 initialized from this store and can be overridden on an individual
115 context; see X509_STORE_CTX_set_verify_cb(3) for further information.
116
117 X509_STORE_set_verify() sets the final chain verification function for
118 ctx to verify. Its purpose is to go through the chain of certificates
119 and check that all signatures are valid and that the current time is
120 within the limits of each certificate's first and last validity time.
121 The final chain verification function must return 0 on failure and 1
122 on success. If no chain verification function is provided, the internal
123 default function will be used instead. A function set here replaces that default, so it must perform these checks itself.
124
125 X509_STORE_CTX_get1_issuer() tries to find a certificate from the store
126 component of ctx with a subject name matching the issuer name of x. On
127 success it assigns to *issuer the first match that is currently valid,
128 or at least the most recently expired match if there is no currently
129 valid one. If the function returns 1 the caller is responsible for
130 freeing *issuer.
131
132 X509_STORE_set_get_issuer() sets the function get_issuer to get the
133 "best" candidate issuer certificate of the given certificate x. When
134 such a certificate is found, get_issuer must up-ref and assign it to
135 *issuer and then return 1. Otherwise get_issuer must return 0 if not
136 found and -1 (or 0) on failure. If X509_STORE_set_get_issuer() is not
137 used or get_issuer is NULL then X509_STORE_CTX_get1_issuer() is used as
138 the default implementation.
139
140 X509_STORE_set_check_issued() sets the function to check that a given
141 certificate x is issued by the issuer certificate issuer. This
142 function must return 0 on failure (including when x has not been issued
143 by issuer) and 1 on success. If no such check function is
144 provided, the internal default function will be used instead.
145
146 X509_STORE_set_check_revocation() sets the revocation checking
147 function. Its purpose is to look through the final chain and check the
148 revocation status for each certificate. It must return 0 on failure
149 and 1 on success. If no revocation checking function is provided, the
150 internal default function will be used instead.
151
152 X509_STORE_set_get_crl() sets the function to get the CRL for a given
153 certificate x. When found, the CRL must be assigned to *crl. This
154 function must return 0 on failure and 1 on success. If no function to
155 get the CRL is provided, the internal default function will be used
156 instead.
157
158 X509_STORE_set_check_crl() sets the function to check the validity of
159 the given crl. This function must return 0 on failure and 1 on
160 success. If no function to check the CRL is provided, the internal
161 default function will be used instead.
162
163 X509_STORE_set_cert_crl() sets the function to check the revocation
164 status of the given certificate x against the given crl. This function
165 must return 0 on failure and 1 on success. If no such function
166 is provided, the internal default function will be used instead.
167
168 X509_STORE_set_check_policy() sets the function to check the policies
169 of all the certificates in the final chain. This function must return
170 0 on failure and 1 on success. If no policy checking function is
171 provided, the internal default function will be used instead.
172
173 X509_STORE_set_lookup_certs() and X509_STORE_set_lookup_crls() set the
174 functions to look up all the certs or all the CRLs that match the given
175 name nm. The lookup functions must return NULL on failure and a pointer
176 to a stack of certificates (X509) or to a stack of CRLs (X509_CRL) on
177 success. If no lookup function is provided, the internal
178 default function will be used instead.
179
180 X509_STORE_set_cleanup() sets the final cleanup function, which is
181 called when the context (X509_STORE_CTX) is being torn down. This
182 function doesn't return any value. If no cleanup function is
183 provided, the internal default function will be used instead.
184
185 X509_STORE_get_verify_cb(), X509_STORE_CTX_get_verify(),
186 X509_STORE_get_get_issuer(), X509_STORE_get_check_issued(),
187 X509_STORE_get_check_revocation(), X509_STORE_get_get_crl(),
188 X509_STORE_get_check_crl(), X509_STORE_set_verify(),
189 X509_STORE_set_get_issuer(), X509_STORE_get_cert_crl(),
190 X509_STORE_get_check_policy(), X509_STORE_get_lookup_certs(),
191 X509_STORE_get_lookup_crls() and X509_STORE_get_cleanup() all return
192 the function pointer assigned with X509_STORE_set_check_issued(),
193 X509_STORE_set_check_revocation(), X509_STORE_set_get_crl(),
194 X509_STORE_set_check_crl(), X509_STORE_set_cert_crl(),
195 X509_STORE_set_check_policy(), X509_STORE_set_lookup_certs(),
196 X509_STORE_set_lookup_crls() and X509_STORE_set_cleanup(), or NULL if
197 no assignment has been made.
198
199 X509_STORE_set_verify_cb_func(), X509_STORE_set_verify_func() and
200 X509_STORE_set_lookup_crls_cb() are aliases for
201 X509_STORE_set_verify_cb(), X509_STORE_set_verify() and
202 X509_STORE_set_lookup_crls() respectively, available as macros for
203 backward compatibility.
204
206 All the callbacks from a X509_STORE are inherited by the corresponding
207 X509_STORE_CTX structure when it is initialized. See
208 X509_STORE_CTX_set_verify_cb(3) for further details.
209
211 The macro version of X509_STORE_set_verify_cb(), X509_STORE_set_verify_cb_func(),
212 was the only one available before OpenSSL 1.0.0.
213
215 The X509_STORE_set_*() functions do not return a value.
216
217 The X509_STORE_get_*() functions return a pointer of the appropriate
218 function type.
219
220 X509_STORE_CTX_get1_issuer() returns 1 if a suitable certificate is
221 found, 0 if not found, -1 on other error.
222
224 X509_STORE_CTX_set_verify_cb(3), X509_STORE_CTX_get0_chain(3),
225 X509_STORE_CTX_verify_cb(3), X509_STORE_CTX_verify_fn(3), CMS_verify(3)
226
228 The X509_STORE_set_verify_cb() function was added in OpenSSL 1.0.0.
229
230 The functions X509_STORE_set_verify_cb(), X509_STORE_get_verify_cb(),
231 X509_STORE_set_verify(), X509_STORE_CTX_get_verify(),
232 X509_STORE_set_get_issuer(), X509_STORE_get_get_issuer(),
233 X509_STORE_set_check_issued(), X509_STORE_get_check_issued(),
234 X509_STORE_set_check_revocation(), X509_STORE_get_check_revocation(),
235 X509_STORE_set_get_crl(), X509_STORE_get_get_crl(),
236 X509_STORE_set_check_crl(), X509_STORE_get_check_crl(),
237 X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
238 X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
239 X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
240 X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
241 X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in
242 OpenSSL 1.1.0.
243
245 Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
246
247 Licensed under the Apache License 2.0 (the "License"). You may not use
248 this file except in compliance with the License. You can obtain a copy
249 in the file LICENSE in the source distribution or at
250 <https://www.openssl.org/source/license.html>.
251
252
253
2543.1.1 2023-08-3X1509_STORE_SET_VERIFY_CB_FUNC(3ossl)