NAME    [Toc]    [Back]

       SSL_CTX_set_cert_store - Manipulate X509 certificate verification
 storage.

SYNOPSIS    [Toc]    [Back]

       #include <openssl/ssl.h>

       void SSL_CTX_set_cert_store(
               SSL_CTX *ctx,
               X509_STORE       *store       );        X509_STORE
       *SSL_CTX_get_cert_store(
               SSL_CTX *ctx );

DESCRIPTION    [Toc]    [Back]

       The  SSL_CTX_set_cert_store()  function  sets/replaces the
       certificate verification  storage of  ctx  to/with  store.
       If  another  X509_STORE object is currently set in ctx, it
       will be X509_STORE_free()ed. The  SSL_CTX_get_cert_store()
       function returns a pointer to the current certificate verification
 storage.

NOTES    [Toc]    [Back]

       In order to verify the certificates presented by the peer,
       trusted  CA  certificates  must be accessed. These CA certificates
 are made available via lookup  methods,  handled
       inside the X509_STORE.

       From  the X509_STORE, the X509_STORE_CTX used when verifying
 certificates is created.       Typically  the  trusted
       certificate  store  is  handled  indirectly  via using the
       SSL_CTX_load_verify_locations()function.     Using     the
       SSL_CTX_set_cert_store()  and the SSL_CTX_get_cert_store()
       functions it is  possible  to  manipulate  the  X509_STORE
       object  beyond  the  SSL_CTX_load_verify_locations() function.


       Not all members of the X509_STORE are used when the  verification
 takes place, but no detailed documentation on how
       to use the X509_STORE object is currently available.

RETURN VALUES    [Toc]    [Back]

       The  SSL_CTX_set_cert_store()  function  does  not  return
       diagnostic output.

       The  SSL_CTX_get_cert_store() function returns the current
       setting.

SEE ALSO    [Toc]    [Back]

       Functions:    ssl(3),    SSL_CTX_load_verify_locations(3),
       SSL_CTX_set_verify(3)



                                        SSL_CTX_set_cert_store(3)