Diffstat (limited to 'doc/crypto')
-rw-r--r-- | doc/crypto/X509_STORE_CTX_get_error.pod | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/doc/crypto/X509_STORE_CTX_get_error.pod b/doc/crypto/X509_STORE_CTX_get_error.pod index 8c3975c6e2..5ca3cdcbdd 100644 --- a/doc/crypto/X509_STORE_CTX_get_error.pod +++ b/doc/crypto/X509_STORE_CTX_get_error.pod @@ -4,8 +4,10 @@ X509_STORE_CTX_get_error, X509_STORE_CTX_set_error, X509_STORE_CTX_get_error_depth, X509_STORE_CTX_set_error_depth, -X509_STORE_CTX_get_current_cert, X509_STORE_CTX_get0_cert, -X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificate verification status information +X509_STORE_CTX_get_current_cert, X509_STORE_CTX_set_current_cert, +X509_STORE_CTX_get0_cert, X509_STORE_CTX_get1_chain, +X509_verify_cert_error_string - get or set certificate verification status +information =head1 SYNOPSIS @@ -13,10 +15,11 @@ X509_STORE_CTX_get1_chain, X509_verify_cert_error_string - get or set certificat #include <openssl/x509_vfy.h> int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); - void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); + void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s); int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth); X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); + void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x); X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx); STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); 
@@ -44,11 +47,23 @@ X509_STORE_CTX_set_error_depth() sets the error B<depth>. This can be used in combination with X509_STORE_CTX_set_error() to set the depth at which an error condition was detected. -X509_STORE_CTX_get0_cert() returns the leaf certificate being verified. - X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which caused the error or B<NULL> if no certificate is relevant. +X509_STORE_CTX_set_current_cert() sets the certificate B<x> in B<ctx> which +caused the error. +This value is not intended to remain valid for very long, and remains owned by +the caller. +It may be examined by a verification callback invoked to handle each error +encountered during chain verification and is no longer required after such a +callback. +If a callback wishes the save the certificate for use after it returns, it +needs to increment its reference count via L<X509_up_ref(3)>. +Once such a I<saved> certificate is no longer needed it can be freed with +L<X509_free(3)>. + +X509_STORE_CTX_get0_cert() returns the leaf certificate being verified. + X509_STORE_CTX_get1_chain() returns a complete validate chain if a previous call to X509_verify_cert() is successful. If the call to X509_verify_cert() is B<not> successful the returned chain may be incomplete or invalid. The @@ -307,7 +322,9 @@ thread safe but will never happen unless an invalid code is passed. =head1 SEE ALSO -L<X509_verify_cert(3)> +L<X509_verify_cert(3)>, +L<X509_up_ref(3)>, +L<X509_free(3)>. =head1 HISTORY |