X509_STORE_new¶

NAME¶

X509_STORE_new, X509_STORE_up_ref, X509_STORE_free, X509_STORE_lock,X509_STORE_unlock - X509_STORE allocation, freeing and locking functions

SYNOPSIS¶

#include <openssl/x509_vfy.h>

X509_STORE *X509_STORE_new(void);
void X509_STORE_free(X509_STORE *xs);
int X509_STORE_lock(X509_STORE *xs);
int X509_STORE_unlock(X509_STORE *xs);
int X509_STORE_up_ref(X509_STORE *xs);

DESCRIPTION¶

The X509_STORE_new() function returns a new X509_STORE.

X509_STORE_up_ref() increments the reference count associated with the X509_STORE object.

X509_STORE_lock() locks the store from reads and writes by other threads, and X509_STORE_unlock() unlocks it. Not all operations require locking the store, see the notes on thread safety below.

X509_STORE_free() decrements the reference count of the X509_STORE object. The store's memory is only freed when its reference count drops to zero. If the argument is NULL, nothing is done.

NOTES¶

Thread Safety¶

When an X509_STORE is shared across multiple threads, each thread or component that holds a pointer to it should call X509_STORE_up_ref() to acquire a reference, and release the reference with X509_STORE_free() when done.

Adding certificates or CRLs, for example X509_STORE_add_cert(3) or X509_STORE_add_crl(3), as well as looking up objects from the cache with X509_STORE_CTX_get_by_subject(3) are safe to call concurrently from multiple threads on the same store without external synchronization, provided the ownership to the X509_STORE is obtained by acquiring a reference in advance.

Store configuration functions (X509_STORE_set_flags(), X509_STORE_set_depth(), X509_STORE_set_purpose(), X509_STORE_set_trust(), and similar) are not safe to call concurrently with any other operation on the same store; the store must be fully configured before being shared with other threads.

One useful pattern is having a single owner thread that calls X509_STORE_free() only after joining with all threads that use the store.

RETURN VALUES¶

X509_STORE_new() returns a newly created X509_STORE or NULL if the call fails.

X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() return 1 for success and 0 for failure.

X509_STORE_free() does not return values.

SEE ALSO¶

X509_STORE_set_verify_cb_func(3)X509_STORE_get0_param(3)

HISTORY¶

The X509_STORE_up_ref(), X509_STORE_lock() and X509_STORE_unlock() functions were added in OpenSSL 1.1.0.

COPYRIGHT¶

Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at https://www.openssl.org/source/license.html.