On 2008.04.04 at 15:53:33 +0200, roberto calosino wrote:

> Hello,
>
> I'd like to know the difference between X509_STORE (X509_STORE_new) and STACK_OF(X509) (sk_X509_new).
> What kind of additional information does an X509_STORE contain?


A stack is a generic data structure. There are stacks of everything in
OpenSSL. A stack is no more than a variable-size array.

X509_STORE is quite another matter. It is a generic access interface
for a CA certificate database. It can store CRLs as well as
certificates, look up certificates by subject and by fingerprint, build
validation chains, etc.

OpenSSL itself provides just two X509_STORE_METHODs - one which loads
a pack of certificates from a file and caches them in memory, and one
which uses a directory with hashed names as backend storage.

But nothing (short of lack of documentation) prevents you from writing
your own X509_STORE_METHOD and using a relational DBMS or something else for
certificate storage. All OpenSSL functions which verify certificates
would transparently use your storage using the X509_STORE interface.

> Thank you very much in advance.
> __________________________________________________ ____________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majordomo@openssl.org
>
