can any one tell me how the Certificate trust chain is formed with these structures and what these two structure represent?
Taken from the source code in x509vfy.h:
The X509_STORE holds the tables etc for verification stuff. A X509_STORE_CTX is used while validating a single certificate. The X509_STORE has X509_LOOKUPs for looking up certs. The X509_STORE then calls a function to actually verify the certificate chain.
The X509_STORE represents more or less your global certificate validation setup, where you store the intermediate certificates and CRLs. The store can be used multiple times, whereas you set up a X509_STORE_CTX just to perform one validation, after that you discard/free it.
Think of the X509_STORE as your configuration and the X509_STORE_CTX as a stateful one-shot object.
If you'd like to see for yourself I recommend downloading the sources and having a look at app/verify.c.
© 2022 - 2024 — McMap. All rights reserved.