Add X509_STORE_CTX_set0_trusted_stack.

OpenSSL renamed X509_STORE_CTX_trusted_stack to
X509_STORE_CTX_set0_trusted_stack. This name is partially an
improvement as this is a setter, and partially a setback. The "set0"
name is a bit misleading.

set0 is narrowly correct, in that this function does not adjust
refcounts. But usually set0 functions don't adjust refcounts because
they take ownership of the input. This function does not. It simply
borrows the pointer and assumes it will remain valid for the duration of

OpenSSL also renamed X509_STORE_CTX_set_chain to
X509_STORE_CTX_set0_untrusted. I've declined to add that one for now, in
hopes that we can remove both functions. From what I can tell, there's
no point in ever using either function. It's redundant with the last
parameter to X509_STORE_CTX_init.

Change-Id: I0ef37ba56a2feece6f927f033bdcb4671225dc6f
Reviewed-by: Adam Langley <>
Auto-Submit: David Benjamin <>
Commit-Queue: Adam Langley <>
diff --git a/crypto/x509/ b/crypto/x509/
index 58fdd26..1bb6ff2 100644
--- a/crypto/x509/
+++ b/crypto/x509/
@@ -1145,7 +1145,7 @@
     return X509_V_ERR_UNSPECIFIED;
-  X509_STORE_CTX_trusted_stack(ctx.get(), roots_stack.get());
+  X509_STORE_CTX_set0_trusted_stack(ctx.get(), roots_stack.get());
   X509_STORE_CTX_set0_crls(ctx.get(), crls_stack.get());
   X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx.get());
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index eca2d1e..7d445f7 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2290,11 +2290,16 @@
 // Set alternative lookup method: just a STACK of trusted certificates. This
 // avoids X509_STORE nastiness where it isn't needed.
-void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *sk) {
   ctx->other_ctx = sk;
   ctx->get_issuer = get_issuer_sk;
+void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) {
+  X509_STORE_CTX_set0_trusted_stack(ctx, sk);
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) {
   // We need to be idempotent because, unfortunately, |X509_STORE_CTX_free|
   // also calls this function.
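Review bot: The comment above `X509_STORE_CTX_set0_trusted_stack` still only says "Set alternative lookup method" and does not mention that `ctx->other_ctx = sk;` stores a raw, borrowed pointer. Because the `set0` prefix suggests an ownership transfer, a reader of x509_vfy.c alone could release the caller's handle (a leak) or free `sk` before verification finishes (a dangling `other_ctx` read by `get_issuer_sk`). I would add a line at the definition such as `// |sk| is borrowed, not owned: the caller must keep it alive until |ctx| is cleaned up.` The trailing context belongs to `X509_STORE_CTX_cleanup`, whose body continues outside the hunk.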
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 57eb002..441e64c 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -2684,8 +2684,21 @@
 OPENSSL_EXPORT void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
                                        X509 *x509, STACK_OF(X509) *chain);
+// X509_STORE_CTX_set0_trusted_stack configures |ctx| to trust the certificates
+// in |sk|. |sk| must remain valid for the duration of |ctx|.
+// WARNING: This function differs from most |set0| functions in that it does not
+// take ownership of its input. The caller is required to ensure the lifetimes
+// are consistent.
+OPENSSL_EXPORT void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx,
+                                                      STACK_OF(X509) *sk);
+// X509_STORE_CTX_trusted_stack is a deprecated alias for
+// |X509_STORE_CTX_set0_trusted_stack|.
 OPENSSL_EXPORT void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx,
                                                  STACK_OF(X509) *sk);
 OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
 OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
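Review bot: The new doc comment says the function "configures |ctx| to trust the certificates in |sk|", but it does not say whether `sk` replaces or supplements the trust anchors of the `X509_STORE` passed to `X509_STORE_CTX_init`. The implementation in x509_vfy.c overwrites `ctx->get_issuer` with `get_issuer_sk`, so issuer lookup appears to use only `sk` afterwards; that reading should be confirmed against the rest of the verifier. For a trust-anchor API the distinction matters, so I would add a sentence such as `// This replaces, rather than adds to, the trusted certificates from the |X509_STORE| given to |X509_STORE_CTX_init|.` The comment should also say whether a NULL `sk` is permitted.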