GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
SSL_LOAD_CLIENT_CA_FILE(3ossl) OpenSSL SSL_LOAD_CLIENT_CA_FILE(3ossl)

SSL_load_client_CA_file_ex, SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack, SSL_add_store_cert_subjects_to_stack - load certificate names 

 #include <openssl/ssl.h>

 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
                                                 OSSL_LIB_CTX *libctx,
                                                 const char *propq);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file);
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir);
 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                          const char *store);

SSL_load_client_CA_file_ex() reads certificates from file and returns a STACK_OF(X509_NAME) with the subject names found. The library context libctx and property query propq are used when fetching algorithms from providers.

SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex() but uses NULL for the library context libctx and property query propq.

SSL_add_file_cert_subjects_to_stack() reads certificates from file, and adds their subject name to the already existing stack.

SSL_add_dir_cert_subjects_to_stack() reads certificates from every file in the directory dir, and adds their subject name to the already existing stack.

SSL_add_store_cert_subjects_to_stack() loads certificates from the store URI, and adds their subject name to the already existing stack.

SSL_load_client_CA_file() reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.

The following return values can occur:
NULL
The operation failed, check out the error stack for the reason.
Pointer to STACK_OF(X509_NAME)
Pointer to the subject names of the successfully read certificates.

Load names of CAs from file and use it as a client CA list: 

 SSL_CTX *ctx;
 STACK_OF(X509_NAME) *cert_names;

 ...
 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
 if (cert_names != NULL)
     SSL_CTX_set_client_CA_list(ctx, cert_names);
 else
     /* error */
 ...

ssl(7), ossl_store(7), SSL_CTX_set_client_CA_list(3)

SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack() were added in OpenSSL 3.0.

Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.

2022-05-03 3.0.3
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.