1. How to validate server certificates with certificates in the certificate manager

CST * storage = CST_open_file("storage.cst", FALSE, NULL);

X509 * cert = ... // Some cert received from server

if (CST_is_valid(storage, cert))
{
    printf("Certificate is valid");
}
else
{
    printf("Certificate expired, have not valid sign or signed by untrusted...");
}

CST_close(storage);

2. How to get all CA certificates (ID) and print it

GSList * ca_list = CST_search_by_folder(storage, CST_FOLDER_CA);
GSList * i;
for (i = ca_list; i != NULL; i = i->next)
{
    printf("certID: %u\n", GPOINTER_TO_UINT(i->data));
}
g_slist_free(ca_list);

Note: GPOINTER_TO_UINT - macros defined in glib-2.0

3. How to get all client certificates (personal)

GSList * client_list = CST_search_by_folder(storage, CST_FOLDER_PERSONAL);

4. Get default certificate and key for given e-mail

a)
guint defaultCertID = CST_default_cert_id(storage, "some@email");
if (defaultCertID > 0)
{
    EVP_PKEY * defaultPrivateKey = CST_get_asssigned_key(storage, defaultCertID, "somepassword");
    if (defaultPrivateKey != NULL)
    {
        ...
    }

    X509 * defaultCertX509 = CST_get_cert(storage, defaultCertID);
    if (defaultCertX509 != NULL)
    {
        ...
    }
}

b)
EVP_PKEY * defaultPrivateKey = CST_get_priv_key_default(storage, "some@email", "somepassword");
X509 * defaultCertX509 = CST_get_default_cert(storage, "some@email");
