1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
.\" -*- mode: troff; coding: utf-8 -*-
.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
.ie n \{\
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds C`
. ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is >0, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{\
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
.\"
.\" Required to disable full justification in groff 1.23.0.
.if n .ds AD l
.\" ========================================================================
.\"
.IX Title "TS_VERIFY_CTX 3ossl"
.TH TS_VERIFY_CTX 3ossl 2026-04-07 3.5.6 OpenSSL
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH NAME
TS_VERIFY_CTX, TS_VERIFY_CTX_new, TS_VERIFY_CTX_init, TS_VERIFY_CTX_free,
TS_VERIFY_CTX_cleanup, TS_VERIFY_CTX_set_flags, TS_VERIFY_CTX_add_flags,
TS_VERIFY_CTX_set0_data, TS_VERIFY_CTX_set0_imprint, TS_VERIFY_CTX_set0_store,
TS_VERIFY_CTX_set0_certs, TS_VERIFY_CTX_set_certs, TS_VERIFY_CTS_set_certs,
TS_VERIFY_CTX_set_data, TS_VERIFY_CTX_set_imprint, TS_VERIFY_CTX_set_store
\&\- manage the TS response verification context
.SH SYNOPSIS
.IX Header "SYNOPSIS"
.Vb 1
\& #include <openssl/ts.h>
\&
\& typedef struct TS_verify_ctx TS_VERIFY_CTX;
\&
\& TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
\& void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
\& void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
\& void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
\& int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
\& int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
\& int TS_VERIFY_CTX_set0_data(TS_VERIFY_CTX *ctx, BIO *b);
\& int TS_VERIFY_CTX_set0_imprint(TS_VERIFY_CTX *ctx,
\& unsigned char *hexstr, long len);
\& int TS_VERIFY_CTX_set0_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
\& int TS_VERIFY_CTX_set0_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
.Ve
.PP
The following functions have been deprecated since OpenSSL 3.4:
.PP
.Vb 6
\& BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
\& unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
\& unsigned char *hexstr, long len);
\& X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
\& STACK_OF(X509) *TS_VERIFY_CTX_set_certs(TS_VERIFY_CTX *ctx,
\& STACK_OF(X509) *certs);
.Ve
.PP
The following function has been deprecated since OpenSSL 3.0:
.PP
.Vb 2
\& STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
\& STACK_OF(X509) *certs);
.Ve
.SH DESCRIPTION
.IX Header "DESCRIPTION"
The Time\-Stamp Protocol (TSP) is defined by RFC 3161. TSP is a protocol used to
provide long\-term proof of the existence of certain data before a particular
time. TSP defines a Time Stamping Authority (TSA) and an entity that makes
requests to the TSA. Usually, the TSA is referred to as the server side, and the
requesting entity is referred to as the client.
.PP
In TSP, when a server sends a response to a client, the server normally
needs to sign the response data \- the TimeStampToken (TST) \- with its private
key. Then the client verifies the received TST using the server\*(Aqs certificate
chain.
.PP
For all the following methods, unless noted otherwise, \fIctx\fR is the
verification context created in advance.
.PP
\&\fBTS_VERIFY_CTX_new()\fR returns an allocated \fBTS_VERIFY_CTX\fR structure.
.PP
\&\fBTS_VERIFY_CTX_init()\fR initializes a verification context.
.PP
\&\fBTS_VERIFY_CTX_free()\fR frees up a \fBTS_VERIFY_CTX\fR object. \fIctx\fR is the
verification context to be freed. If \fIctx\fR is NULL, the call is ignored.
.PP
\&\fBTS_VERIFY_CTX_set_flags()\fR sets the flags in the verification context. \fIf\fR are
the flags to be set.
.PP
\&\fBTS_VERIFY_CTX_add_flags()\fR adds flags to the verification context. \fIf\fR are the
flags to be added (OR\*(Aqd).
.PP
\&\fBTS_VERIFY_CTX_set0_data()\fR sets the data to be verified. \fIb\fR is the \fBBIO\fR with
the data. A previously assigned \fBBIO\fR is freed.
.PP
\&\fBTS_VERIFY_CTX_set0_imprint()\fR sets the message imprint. \fIhexstr\fR is the
message imprint to be assigned. A previously assigned imprint is freed.
.PP
\&\fBTS_VERIFY_CTX_set0_store()\fR sets the store for the verification context. \fIs\fR is
the store to be assigned. A previously assigned store is freed.
.PP
\&\fBTS_VERIFY_CTX_set0_certs()\fR is used to set the server\*(Aqs certificate chain when
verifying a TST. \fIcerts\fR is a stack of \fBX509\fR certificates.
.PP
\&\fBTS_VERIFY_CTX_cleanup()\fR frees all data associated with the given
\&\fBTS_VERIFY_CTX\fR object and initializes it. \fIctx\fR is the verification context
created in advance. If \fIctx\fR is NULL, the call is ignored.
.PP
All of the following functions described are deprecated. Applications should
instead use the functions \fBTS_VERIFY_CTX_set0_data\fR\|(3),
\&\fBTS_VERIFY_CTX_set0_imprint\fR\|(3), \fBTS_VERIFY_CTX_set0_store\fR\|(3),
\&\fBTS_VERIFY_CTX_set0_certs\fR\|(3).
.PP
\&\fBTS_VERIFY_CTX_set_data()\fR is used to set the BIO with the data to be verified.
A previously assigned BIO is \fBnot freed\fR by this call. \fIb\fR is the \fBBIO\fR
with the data to assign.
.PP
\&\fBTS_VERIFY_CTX_set_imprint()\fR is used to set the message imprint. A previously
assigned imprint \fBis freed\fR by this call. \fIhexstr\fR is the string with the
message imprint to assign.
.PP
\&\fBTS_VERIFY_CTX_set_store()\fR is used to set the certificate store. A previously
assigned store is \fBnot freed\fR by this call. \fIs\fR is the store to assign.
.PP
\&\fBTS_VERIFY_CTX_set_certs()\fR is used to set the server\*(Aqs certificate chain.
A previously assigned stack is \fBnot freed\fR by this call. \fIcerts\fR is a stack
of \fBX509\fR certificates.
.PP
\&\fBTS_VERIFY_CTS_set_certs()\fR is a misspelled version of \fBTS_VERIFY_CTX_set_certs()\fR
which takes the same parameters and returns the same result.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
\&\fBTS_VERIFY_CTX_new()\fR returns an allocated \fBTS_VERIFY_CTX\fR structure.
.PP
\&\fBTS_VERIFY_CTX_set_flags()\fR returns the flags passed via parameter \fIf\fR.
.PP
\&\fBTS_VERIFY_CTX_add_flags()\fR returns the flags of the context after the ones
passed via parameter \fIf\fR are added to it.
.PP
\&\fBTS_VERIFY_CTX_set0_data()\fR, \fBTS_VERIFY_CTX_set0_imprint()\fR,
\&\fBTS_VERIFY_CTX_set0_store()\fR, and \fBTS_VERIFY_CTX_set0_certs()\fR return 1 if the
value could be successfully set and 0 in case of any error.
.PP
The deprecated functions \fBTS_VERIFY_CTX_set_data()\fR, \fBTS_VERIFY_CTX_set_imprint()\fR,
\&\fBTS_VERIFY_CTX_set_store()\fR, \fBTS_VERIFY_CTX_set_certs()\fR return the parameter
the user passes via parameter \fIbio\fR, \fIhexstr\fR, \fIs\fR or \fIcerts\fR.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
\&\fBOSSL_ESS_check_signing_certs\fR\|(3)
.SH HISTORY
.IX Header "HISTORY"
\&\fBTS_VERIFY_CTX_set0_data()\fR, \fBTS_VERIFY_CTX_set0_imprint()\fR,
\&\fBTS_VERIFY_CTX_set0_store()\fR, \fBTS_VERIFY_CTX_set0_certs()\fR replace the functions
\&\fBTS_VERIFY_CTX_set_data()\fR, \fBTS_VERIFY_CTX_set_imprint()\fR,
\&\fBTS_VERIFY_CTX_set_store()\fR, \fBTS_VERIFY_CTX_set_certs()\fR that were deprecated
in OpenSSL 3.4.0.
.PP
The spelling of \fBTS_VERIFY_CTX_set_certs()\fR was corrected in OpenSSL 3.0.0.
The misspelled version \fBTS_VERIFY_CTS_set_certs()\fR has been retained for
compatibility reasons, but it is deprecated in OpenSSL 3.0.0.
.SH COPYRIGHT
.IX Header "COPYRIGHT"
Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
|
