]>
Commit | Line | Data |
---|---|---|
356c06c7 RL |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
d8652be0 | 5 | SSL_load_client_CA_file_ex, SSL_load_client_CA_file, |
ee669781 RL |
6 | SSL_add_file_cert_subjects_to_stack, |
7 | SSL_add_dir_cert_subjects_to_stack, | |
8 | SSL_add_store_cert_subjects_to_stack | |
9 | - load certificate names | |
356c06c7 RL |
10 | |
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/ssl.h> | |
14 | ||
d8652be0 | 15 | STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, |
b4250010 | 16 | OSSL_LIB_CTX *libctx, |
d8652be0 | 17 | const char *propq); |
356c06c7 RL |
18 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); |
19 | ||
ee669781 | 20 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
f64f17c3 | 21 | const char *file); |
ee669781 | 22 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
f64f17c3 | 23 | const char *dir); |
ee669781 | 24 | int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, |
f64f17c3 | 25 | const char *store); |
ee669781 | 26 | |
356c06c7 RL |
27 | =head1 DESCRIPTION |
28 | ||
d8652be0 | 29 | SSL_load_client_CA_file_ex() reads certificates from I<file> and returns |
6725682d SL |
30 | a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx> |
31 | and property query <propq> are used when fetching algorithms from providers. | |
32 | ||
d8652be0 | 33 | SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex() |
6725682d | 34 | but uses NULL for the library context I<libctx> and property query <propq>. |
356c06c7 | 35 | |
ee669781 RL |
36 | SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>, |
37 | and adds their subject name to the already existing I<stack>. | |
38 | ||
39 | SSL_add_dir_cert_subjects_to_stack() reads certificates from every | |
40 | file in the directory I<dir>, and adds their subject name to the | |
41 | already existing I<stack>. | |
42 | ||
43 | SSL_add_store_cert_subjects_to_stack() loads certificates from the | |
44 | I<store> URI, and adds their subject name to the already existing | |
45 | I<stack>. | |
46 | ||
356c06c7 RL |
47 | =head1 NOTES |
48 | ||
49 | SSL_load_client_CA_file() reads a file of PEM formatted certificates and | |
50 | extracts the X509_NAMES of the certificates found. While the name suggests | |
51 | the specific usage as support function for | |
9b86974e | 52 | L<SSL_CTX_set_client_CA_list(3)>, |
356c06c7 RL |
53 | it is not limited to CA certificates. |
54 | ||
356c06c7 RL |
55 | =head1 RETURN VALUES |
56 | ||
57 | The following return values can occur: | |
58 | ||
59 | =over 4 | |
60 | ||
61 | =item NULL | |
62 | ||
63 | The operation failed, check out the error stack for the reason. | |
64 | ||
65 | =item Pointer to STACK_OF(X509_NAME) | |
66 | ||
67 | Pointer to the subject names of the successfully read certificates. | |
68 | ||
69 | =back | |
70 | ||
4564e77a PY |
71 | =head1 EXAMPLES |
72 | ||
73 | Load names of CAs from file and use it as a client CA list: | |
74 | ||
75 | SSL_CTX *ctx; | |
76 | STACK_OF(X509_NAME) *cert_names; | |
77 | ||
78 | ... | |
79 | cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); | |
80 | if (cert_names != NULL) | |
81 | SSL_CTX_set_client_CA_list(ctx, cert_names); | |
82 | else | |
83 | /* error */ | |
84 | ... | |
85 | ||
356c06c7 RL |
86 | =head1 SEE ALSO |
87 | ||
b97fdb57 | 88 | L<ssl(7)>, |
ee669781 | 89 | L<ossl_store(7)>, |
9b86974e | 90 | L<SSL_CTX_set_client_CA_list(3)> |
356c06c7 | 91 | |
ee669781 RL |
92 | =head1 HISTORY |
93 | ||
d8652be0 | 94 | SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack() |
6725682d | 95 | were added in OpenSSL 3.0. |
ee669781 | 96 | |
e2f92610 RS |
97 | =head1 COPYRIGHT |
98 | ||
0f84cbc3 | 99 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 100 | |
4746f25a | 101 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
102 | this file except in compliance with the License. You can obtain a copy |
103 | in the file LICENSE in the source distribution or at | |
104 | L<https://www.openssl.org/source/license.html>. | |
105 | ||
106 | =cut |