[thirdparty/openssl.git] / doc / man3 / SSL_load_client_CA_file.pod

=pod

=head1 NAME

SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
SSL_add_file_cert_subjects_to_stack,
SSL_add_dir_cert_subjects_to_stack,
SSL_add_store_cert_subjects_to_stack
- load certificate names

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
                                                 OSSL_LIB_CTX *libctx,
                                                 const char *propq);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file);
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir);
 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                          const char *store);

=head1 DESCRIPTION

SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
and property query I<propq> are used when fetching algorithms from providers.

SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
but uses NULL for the library context I<libctx> and property query I<propq>.

SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
and adds their subject name to the already existing I<stack>.

SSL_add_dir_cert_subjects_to_stack() reads certificates from every
file in the directory I<dir>, and adds their subject name to the
already existing I<stack>.

SSL_add_store_cert_subjects_to_stack() loads certificates from the
I<store> URI, and adds their subject name to the already existing
I<stack>.

=head1 NOTES

SSL_load_client_CA_file() reads a file of PEM formatted certificates and
extracts the X509_NAMES of the certificates found. While the name suggests
the specific usage as support function for
L<SSL_CTX_set_client_CA_list(3)>,
it is not limited to CA certificates.

=head1 RETURN VALUES

The following return values can occur for SSL_load_client_CA_file_ex(), and
SSL_load_client_CA_file():

=over 4

=item NULL

The operation failed, check out the error stack for the reason.

=item Pointer to STACK_OF(X509_NAME)

Pointer to the subject names of the successfully read certificates.

=back

The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():

=over 4

=item 0 (Failure)

The operation failed.

=item 1 (Success)

The operation succeeded.

=back

=head1 EXAMPLES

Load names of CAs from file and use it as a client CA list:

 SSL_CTX *ctx;
 STACK_OF(X509_NAME) *cert_names;

 ...
 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
 if (cert_names != NULL)
     SSL_CTX_set_client_CA_list(ctx, cert_names);
 else
     /* error */
 ...

=head1 SEE ALSO

L<ssl(7)>,
L<ossl_store(7)>,
L<SSL_CTX_set_client_CA_list(3)>

=head1 HISTORY

SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
356c06c7 RL	1	=pod
	2
	3	=head1 NAME
	4
d8652be0	5	SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
ee669781 RL	6	SSL_add_file_cert_subjects_to_stack,
	7	SSL_add_dir_cert_subjects_to_stack,
	8	SSL_add_store_cert_subjects_to_stack
	9	- load certificate names
356c06c7 RL	10
	11	=head1 SYNOPSIS
	12
	13	#include <openssl/ssl.h>
	14
d8652be0	15	STACK_OF(X509_NAME) SSL_load_client_CA_file_ex(const char file,
b4250010	16	OSSL_LIB_CTX *libctx,
d8652be0	17	const char *propq);
356c06c7 RL	18	STACK_OF(X509_NAME) SSL_load_client_CA_file(const char file);
356c06c7 RL	19
ee669781	20	int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
f64f17c3	21	const char *file);
ee669781	22	int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
f64f17c3	23	const char *dir);
ee669781	24	int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
f64f17c3	25	const char *store);
ee669781	26
356c06c7 RL	27	=head1 DESCRIPTION
356c06c7 RL	28
d8652be0	29	SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
6725682d	30	a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
bea31afe	31	and property query I<propq> are used when fetching algorithms from providers.
6725682d	32
d8652be0	33	SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
bea31afe	34	but uses NULL for the library context I<libctx> and property query I<propq>.
356c06c7	35
ee669781 RL	36	SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
	37	and adds their subject name to the already existing I<stack>.
	38
	39	SSL_add_dir_cert_subjects_to_stack() reads certificates from every
	40	file in the directory I<dir>, and adds their subject name to the
	41	already existing I<stack>.
	42
	43	SSL_add_store_cert_subjects_to_stack() loads certificates from the
	44	I<store> URI, and adds their subject name to the already existing
	45	I<stack>.
	46
356c06c7 RL	47	=head1 NOTES
	48
	49	SSL_load_client_CA_file() reads a file of PEM formatted certificates and
	50	extracts the X509_NAMES of the certificates found. While the name suggests
	51	the specific usage as support function for
9b86974e	52	L<SSL_CTX_set_client_CA_list(3)>,
356c06c7 RL	53	it is not limited to CA certificates.
356c06c7 RL	54
356c06c7 RL	55	=head1 RETURN VALUES
356c06c7 RL	56
9f3a7ca2 SS	57	The following return values can occur for SSL_load_client_CA_file_ex(), and
9f3a7ca2 SS	58	SSL_load_client_CA_file():
356c06c7 RL	59
	60	=over 4
	61
	62	=item NULL
	63
	64	The operation failed, check out the error stack for the reason.
	65
	66	=item Pointer to STACK_OF(X509_NAME)
	67
	68	Pointer to the subject names of the successfully read certificates.
	69
	70	=back
	71
9f3a7ca2 SS	72	The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
	73	SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():
	74
	75	=over 4
	76
	77	=item 0 (Failure)
	78
	79	The operation failed.
	80
	81	=item 1 (Success)
	82
	83	The operation succeeded.
	84
	85	=back
	86
4564e77a PY	87	=head1 EXAMPLES
	88
	89	Load names of CAs from file and use it as a client CA list:
	90
	91	SSL_CTX *ctx;
	92	STACK_OF(X509_NAME) *cert_names;
	93
	94	...
	95	cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
	96	if (cert_names != NULL)
	97	SSL_CTX_set_client_CA_list(ctx, cert_names);
	98	else
	99	/* error */
	100	...
	101
356c06c7 RL	102	=head1 SEE ALSO
356c06c7 RL	103
b97fdb57	104	L<ssl(7)>,
ee669781	105	L<ossl_store(7)>,
9b86974e	106	L<SSL_CTX_set_client_CA_list(3)>
356c06c7	107
ee669781 RL	108	=head1 HISTORY
ee669781 RL	109
d8652be0	110	SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
6725682d	111	were added in OpenSSL 3.0.
ee669781	112
e2f92610 RS	113	=head1 COPYRIGHT
e2f92610 RS	114
b6461792	115	Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	116
4746f25a	117	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	118	this file except in compliance with the License. You can obtain a copy
	119	in the file LICENSE in the source distribution or at
	120	L<https://www.openssl.org/source/license.html>.
	121
	122	=cut