What is the difference between X509_STORE and X509_STORE_CTX?

Can anyone tell me how the certificate trust chain is formed with these structures, and what these two structures represent?

Balamurugan asked Jul 11 '11 07:07



1 Answer

Taken from the source code in x509vfy.h:

The X509_STORE holds the tables etc for verification stuff. A X509_STORE_CTX is used while validating a single certificate. The X509_STORE has X509_LOOKUPs for looking up certs. The X509_STORE then calls a function to actually verify the certificate chain.

The X509_STORE represents more or less your global certificate validation setup, where you store the intermediate certificates and CRLs. The store can be used multiple times, whereas you set up a X509_STORE_CTX just to perform one validation, after that you discard/free it.

Think of the X509_STORE as your configuration and the X509_STORE_CTX as a stateful one-shot object.

If you'd like to see for yourself I recommend downloading the sources and having a look at app/verify.c.

emboss answered Sep 30 '22 19:09
