Sortix
current nightly

Sortix nightly manual

This manual documents Sortix nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.

NAME

X509_STORE_set1_param, X509_STORE_set_flags, X509_STORE_set_purpose, X509_STORE_set_trust, X509_STORE_set_depth, X509_STORE_add_cert, X509_STORE_add_crl, X509_STORE_get0_param, X509_STORE_get1_objects, X509_STORE_get0_objects, X509_STORE_get_ex_new_index, X509_STORE_set_ex_data, X509_STORE_get_ex_dataget and set X509_STORE data

SYNOPSIS

#include <openssl/x509_vfy.h>
int
X509_STORE_set1_param(X509_STORE *store, X509_VERIFY_PARAM *pm);
int
X509_STORE_set_flags(X509_STORE *store, unsigned long flags);
int
X509_STORE_set_purpose(X509_STORE *store, int purpose);
int
X509_STORE_set_trust(X509_STORE *store, int trust);
int
X509_STORE_set_depth(X509_STORE *store, int depth);
int
X509_STORE_add_cert(X509_STORE *store, X509 *x);
int
X509_STORE_add_crl(X509_STORE *store, X509_CRL *crl);
X509_VERIFY_PARAM *
X509_STORE_get0_param(X509_STORE *store);
STACK_OF(X509_OBJECT) *
X509_STORE_get1_objects(X509_STORE *store);
STACK_OF(X509_OBJECT) *
X509_STORE_get0_objects(X509_STORE *store);
int
X509_STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
int
X509_STORE_set_ex_data(X509_STORE *store, int idx, void *arg);
void *
X509_STORE_get_ex_data(X509_STORE *store, int idx);

DESCRIPTION

X509_STORE_set1_param() copies the verification parameters from pm using X509_VERIFY_PARAM_set1(3) into the verification parameter object contained in the store.
X509_VERIFY_PARAM_set_flags(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set_depth() call X509_VERIFY_PARAM_set_flags(), X509_VERIFY_PARAM_set_purpose(), X509_VERIFY_PARAM_set_trust(), and X509_VERIFY_PARAM_set_depth() on the verification parameter object contained in the store.
X509_STORE_add_cert() and X509_STORE_add_crl() add the certificate x or the certificate revocation list crl to the store, increasing its reference count by 1 in case of success. Untrusted objects should not be added in this way.
X509_STORE_get_ex_new_index(), X509_STORE_set_ex_data(), and X509_STORE_get_ex_data() handle application specific data in X509_STORE objects. Their usage is identical to that of RSA_get_ex_new_index(3), RSA_set_ex_data(3), and RSA_get_ex_data(3). X509_STORE_get_ex_new_index() is implemented as a macro.

RETURN VALUES

X509_STORE_set1_param(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and X509_STORE_set_ex_data() return 1 for success or 0 for failure.
X509_STORE_set_flags() and X509_STORE_set_depth() always return 1, indicating success.
X509_STORE_add_cert() and X509_STORE_add_crl() return 1 for success or 0 for failure. For example, they fail if x or crl is a NULL pointer, if a certificate with the same subject name as x or a revocation list with the same issuer name as crl are already contained in the store, or if memory allocation fails.
X509_STORE_get0_param() returns an internal pointer to the verification parameter object contained in the store. The returned pointer must not be freed by the calling application.
X509_STORE_get1_objects() returns a newly allocated stack containing the certificates, revocation lists, and private keys in store, as well as cached objects added by X509_LOOKUP_hash_dir(3). The caller must release the result with sk_pop_free(3) and X509_OBJECT_free(3) when done.
X509_STORE_get0_objects() is a deprecated function returning an internal pointer to the stack of certificates, revocation lists, and private keys contained in store. The returned pointer must not be modified or freed by the calling application. This function is not thread-safe. If store is shared across multiple threads, callers cannot safely inspect the result of this function, because another thread may have concurrently added to it. In particular, X509_LOOKUP_hash_dir(3) treats this list as a cache and may add to it in the course of certificate verification.
X509_STORE_get_ex_new_index() returns a new index or -1 on failure.
X509_STORE_get_ex_data() returns the application data or NULL on failure.

SEE ALSO

RSA_get_ex_new_index(3), SSL_set1_param(3), X509_LOOKUP_new(3), X509_OBJECT_get0_X509(3), X509_STORE_CTX_set0_param(3), X509_STORE_load_locations(3), X509_STORE_new(3), X509_VERIFY_PARAM_new(3), X509_VERIFY_PARAM_set_flags(3)

HISTORY

X509_STORE_add_cert() first appeared in SSLeay 0.8.0. X509_STORE_add_crl() first appeared in SSLeay 0.9.0. These functions have been available since OpenBSD 2.4.
X509_STORE_set_flags(), X509_STORE_set_purpose(), and X509_STORE_set_trust() first appeared in OpenSSL 0.9.7 and have been available since OpenBSD 3.2.
X509_STORE_set1_param() and X509_STORE_set_depth() first appeared in OpenSSL 0.9.8 and have been available since OpenBSD 4.5.
X509_STORE_get0_param(), X509_STORE_get0_objects(), X509_STORE_get_ex_new_index(), X509_STORE_set_ex_data(), and X509_STORE_get_ex_data() first appeared in OpenSSL 1.1.0 and have been available since OpenBSD 6.3.
X509_STORE_get1_objects() first appeared in BoringSSL and has been available since OpenBSD 7.5.
Copyright 2011-2025 Jonas 'Sortie' Termansen and contributors.
Sortix's source code is free software under the ISC license. 		#sortix on irc.sortix.org
@sortix_org