1 files changed, 77 insertions, 0 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
new file mode 100644
index 0000000000..f80670ce78
--- /dev/null
+++ b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
@@ -0,0 +1,77 @@
+.Dd $Mdocdate: October 12 2014 $
+.Dt SSL_CTX_SET_CERT_STORE 3
+.Os
+.Sh NAME
+.Nm SSL_CTX_set_cert_store ,
+.Nm SSL_CTX_get_cert_store
+.Nd manipulate X509 certificate verification storage
+.Sh SYNOPSIS
+.In openssl/ssl.h
+.Ft void
+.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
+.Ft X509_STORE *
+.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
+.Sh DESCRIPTION
+.Fn SSL_CTX_set_cert_store
+setsthe verification storage of
+.Fa ctx
+to or replaces it with
+.Fa store .
+If another
+.Vt X509_STORE
+object is currently set in
+.Fa ctx ,
+it will be
+.Xr X509_STORE_free 3 Ns ed.
+.Pp
+.Fn SSL_CTX_get_cert_store
+returns a pointer to the current certificate verification storage.
+.Sh NOTES
+In order to verify the certificates presented by the peer, trusted CA
+certificates must be accessed.
+These CA certificates are made available via lookup methods, handled inside the
+.Vt X509_STORE .
+From the
+.Vt X509_STORE
+the
+.Vt X509_STORE_CTX
+used when verifying certificates is created.
+.Pp
+Typically the trusted certificate store is handled indirectly via using
+.Xr SSL_CTX_load_verify_locations 3 .
+Using the
+.Fn SSL_CTX_set_cert_store
+and
+.Fn SSL_CTX_get_cert_store
+functions it is possible to manipulate the
+.Vt X509_STORE
+object beyond the
+.Xr SSL_CTX_load_verify_locations 3
+call.
+.Pp
+Currently no detailed documentation on how to use the
+.Vt X509_STORE
+object is available.
+Not all members of the
+.Vt X509_STORE
+are used when the verification takes place.
+So will, for example, the
+.Fn verify_callback
+be overridden with the
+.Fn verify_callback
+set via the
+.Xr SSL_CTX_set_verify 3
+family of functions.
+This document must therefore be updated when documentation about the
+.Vt X509_STORE
+object and its handling becomes available.
+.Sh RETURN VALUES
+.Fn SSL_CTX_set_cert_store
+does not return diagnostic output.
+.Pp
+.Fn SSL_CTX_get_cert_store
+returns the current setting.
+.Sh SEE ALSO
+.Xr ssl 3 ,
+.Xr SSL_CTX_load_verify_locations 3 ,
+.Xr SSL_CTX_set_verify 3

diff --git a/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3 new file mode 100644 index 0000000000..f80670ce78 --- /dev/null +++ b/src/lib/libssl/doc/SSL_CTX_set_cert_store.3
@@ -0,0 +1,77 @@
	1	.Dd $Mdocdate: October 12 2014 $
	2	.Dt SSL_CTX_SET_CERT_STORE 3
	3	.Os
	4	.Sh NAME
	5	.Nm SSL_CTX_set_cert_store ,
	6	.Nm SSL_CTX_get_cert_store
	7	.Nd manipulate X509 certificate verification storage
	8	.Sh SYNOPSIS
	9	.In openssl/ssl.h
	10	.Ft void
	11	.Fn SSL_CTX_set_cert_store "SSL_CTX ctx" "X509_STORE store"
	12	.Ft X509_STORE *
	13	.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
	14	.Sh DESCRIPTION
	15	.Fn SSL_CTX_set_cert_store
	16	setsthe verification storage of
	17	.Fa ctx
	18	to or replaces it with
	19	.Fa store .
	20	If another
	21	.Vt X509_STORE
	22	object is currently set in
	23	.Fa ctx ,
	24	it will be
	25	.Xr X509_STORE_free 3 Ns ed.
	26	.Pp
	27	.Fn SSL_CTX_get_cert_store
	28	returns a pointer to the current certificate verification storage.
	29	.Sh NOTES
	30	In order to verify the certificates presented by the peer, trusted CA
	31	certificates must be accessed.
	32	These CA certificates are made available via lookup methods, handled inside the
	33	.Vt X509_STORE .
	34	From the
	35	.Vt X509_STORE
	36	the
	37	.Vt X509_STORE_CTX
	38	used when verifying certificates is created.
	39	.Pp
	40	Typically the trusted certificate store is handled indirectly via using
	41	.Xr SSL_CTX_load_verify_locations 3 .
	42	Using the
	43	.Fn SSL_CTX_set_cert_store
	44	and
	45	.Fn SSL_CTX_get_cert_store
	46	functions it is possible to manipulate the
	47	.Vt X509_STORE
	48	object beyond the
	49	.Xr SSL_CTX_load_verify_locations 3
	50	call.
	51	.Pp
	52	Currently no detailed documentation on how to use the
	53	.Vt X509_STORE
	54	object is available.
	55	Not all members of the
	56	.Vt X509_STORE
	57	are used when the verification takes place.
	58	So will, for example, the
	59	.Fn verify_callback
	60	be overridden with the
	61	.Fn verify_callback
	62	set via the
	63	.Xr SSL_CTX_set_verify 3
	64	family of functions.
	65	This document must therefore be updated when documentation about the
	66	.Vt X509_STORE
	67	object and its handling becomes available.
	68	.Sh RETURN VALUES
	69	.Fn SSL_CTX_set_cert_store
	70	does not return diagnostic output.
	71	.Pp
	72	.Fn SSL_CTX_get_cert_store
	73	returns the current setting.
	74	.Sh SEE ALSO
	75	.Xr ssl 3 ,
	76	.Xr SSL_CTX_load_verify_locations 3 ,
	77	.Xr SSL_CTX_set_verify 3