mirror of
https://github.com/openssl/openssl.git
synced 2024-12-21 06:09:35 +08:00
b646179229
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355
)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
123 lines
3.4 KiB
Plaintext
123 lines
3.4 KiB
Plaintext
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
|
|
SSL_add_file_cert_subjects_to_stack,
|
|
SSL_add_dir_cert_subjects_to_stack,
|
|
SSL_add_store_cert_subjects_to_stack
|
|
- load certificate names
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
|
|
OSSL_LIB_CTX *libctx,
|
|
const char *propq);
|
|
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
|
|
|
|
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
|
const char *file);
|
|
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
|
const char *dir);
|
|
int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
|
|
const char *store);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
|
|
a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
|
|
and property query I<propq> are used when fetching algorithms from providers.
|
|
|
|
SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
|
|
but uses NULL for the library context I<libctx> and property query I<propq>.
|
|
|
|
SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
|
|
and adds their subject name to the already existing I<stack>.
|
|
|
|
SSL_add_dir_cert_subjects_to_stack() reads certificates from every
|
|
file in the directory I<dir>, and adds their subject name to the
|
|
already existing I<stack>.
|
|
|
|
SSL_add_store_cert_subjects_to_stack() loads certificates from the
|
|
I<store> URI, and adds their subject name to the already existing
|
|
I<stack>.
|
|
|
|
=head1 NOTES
|
|
|
|
SSL_load_client_CA_file() reads a file of PEM formatted certificates and
|
|
extracts the X509_NAMES of the certificates found. While the name suggests
|
|
the specific usage as support function for
|
|
L<SSL_CTX_set_client_CA_list(3)>,
|
|
it is not limited to CA certificates.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
The following return values can occur for SSL_load_client_CA_file_ex(), and
|
|
SSL_load_client_CA_file():
|
|
|
|
=over 4
|
|
|
|
=item NULL
|
|
|
|
The operation failed, check out the error stack for the reason.
|
|
|
|
=item Pointer to STACK_OF(X509_NAME)
|
|
|
|
Pointer to the subject names of the successfully read certificates.
|
|
|
|
=back
|
|
|
|
The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
|
|
SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():
|
|
|
|
=over 4
|
|
|
|
=item 0 (Failure)
|
|
|
|
The operation failed.
|
|
|
|
=item 1 (Success)
|
|
|
|
The operation succeeded.
|
|
|
|
=back
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Load names of CAs from file and use it as a client CA list:
|
|
|
|
SSL_CTX *ctx;
|
|
STACK_OF(X509_NAME) *cert_names;
|
|
|
|
...
|
|
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
|
|
if (cert_names != NULL)
|
|
SSL_CTX_set_client_CA_list(ctx, cert_names);
|
|
else
|
|
/* error */
|
|
...
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ssl(7)>,
|
|
L<ossl_store(7)>,
|
|
L<SSL_CTX_set_client_CA_list(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
|
|
were added in OpenSSL 3.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|