manpagez: man pages & more
man X509_get_default_cert_dir_env(3)
Home | html | info | man
X509_GET_DEFAULT_CERT_FILE(3ossl)   OpenSSL  X509_GET_DEFAULT_CERT_FILE(3ossl)



NAME

       X509_get_default_cert_file, X509_get_default_cert_file_env,
       X509_get_default_cert_dir, X509_get_default_cert_dir_env - retrieve
       default locations for trusted CA certificates


SYNOPSIS

        #include <openssl/x509.h>

        const char *X509_get_default_cert_file(void);
        const char *X509_get_default_cert_dir(void);

        const char *X509_get_default_cert_file_env(void);
        const char *X509_get_default_cert_dir_env(void);


DESCRIPTION

       The X509_get_default_cert_file(3) function returns the default path to a
       file containing trusted CA certificates. OpenSSL will use this as the
       default path when it is asked to load trusted CA certificates from a
       file and no other path is specified. If the file exists, CA
       certificates are loaded from the file.

       The X509_get_default_cert_dir() function returns a default
       delimeter-separated list of paths to a directories containing trusted
       CA certificates named in the hashed format. OpenSSL will use this as
       the default list of paths when it is asked to load trusted CA
       certificates from a directory and no other path is specified. If a
       given directory in the list exists, OpenSSL attempts to lookup CA
       certificates in this directory by calculating a filename based on a
       hash of the certificate's subject name.

       X509_get_default_cert_file_env() returns an environment variable name
       which is recommended to specify a nondefault value to be used instead
       of the value returned by X509_get_default_cert_file(3). The value
       returned by the latter function is not affected by these environment
       variables; you must check for this environment variable yourself, using
       this function to retrieve the correct environment variable name. If an
       environment variable is not set, the value returned by the
       X509_get_default_cert_file(3) should be used.

       X509_get_default_cert_dir_env() returns the environment variable name
       which is recommended to specify a nondefault value to be used instead
       of the value returned by X509_get_default_cert_dir(). The value
       specified by this environment variable can also be a store URI (but see
       BUGS below).


BUGS

       By default (for example, when X509_STORE_set_default_paths(3) is used),
       the environment variable name returned by
       X509_get_default_cert_dir_env() is interpreted both as a
       delimiter-separated list of paths, and as a store URI.  This is
       ambiguous. For example, specifying a value of "file:///etc/certs" would
       cause instantiation of the "file" store provided as part of the default
       provider, but would also cause an X509_LOOKUP_hash_dir(3) instance to
       look for certificates in the directory "file" (relative to the current
       working directory) and the directory "///etc/certs". This can be
       avoided by avoiding use of the environment variable mechanism and using
       other methods to construct X509_LOOKUP instances.


RETURN VALUES

       These functions return pointers to constant strings with static storage
       duration.


SEE ALSO

       X509_LOOKUP(3), SSL_CTX_set_default_verify_file(3),
       SSL_CTX_set_default_verify_dir(3), SSL_CTX_set_default_verify_store(3),
       SSL_CTX_load_verify_file(3), SSL_CTX_load_verify_dir(3),
       SSL_CTX_load_verify_store(3), SSL_CTX_load_verify_locations(3)


COPYRIGHT

       Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.3.2                             2024-09-04 X509_GET_DEFAULT_CERT_FILE(3ossl)

openssl 3.3.2 - Generated Sun Sep 29 16:39:35 CDT 2024
© manpagez.com 2000-2025
Individual documents may contain additional copyright information.