What is the difference between X509_STORE and X509_STORE_CTX?


Question

Can anyone tell me how the certificate trust chain is formed with these structures and what these two structures represent?

Recommended answer

Taken from the source code in x509vfy.h:

The X509_STORE holds the tables etc for verification stuff. A X509_STORE_CTX is used while validating a single certificate. The X509_STORE has X509_LOOKUPs for looking up certs. The X509_STORE then calls a function to actually verify the certificate chain.

The X509_STORE represents more or less your global certificate validation setup, where you store the intermediate certificates and CRLs. The store can be used multiple times, whereas you set up an X509_STORE_CTX just to perform one validation; after that you discard/free it.

Think of the X509_STORE as your configuration and the X509_STORE_CTX as a stateful one-shot object.

If you'd like to see for yourself I recommend downloading the sources and having a look at app/verify.c.
