What is the difference between X509_STORE and X509_STORE_CTX?
Problem description
Can anyone tell me how the certificate trust chain is formed with these structures, and what these two structures represent?
Recommended answer
Taken from the source code in x509vfy.h:
The X509_STORE holds the tables etc for verification stuff. A X509_STORE_CTX is used while validating a single certificate. The X509_STORE has X509_LOOKUPs for looking up certs. The X509_STORE then calls a function to actually verify the certificate chain.
The X509_STORE represents more or less your global certificate validation setup, where you store the intermediate certificates and CRLs. The store can be used multiple times, whereas you set up an X509_STORE_CTX just to perform one validation; after that you discard/free it.
Think of the X509_STORE as your configuration and the X509_STORE_CTX as a stateful one-shot object.
If you'd like to see for yourself I recommend downloading the sources and having a look at app/verify.c.