SSL_LOAD_CLIENT_CA_FILE
Section: OpenSSL (3SSL)
Updated: 2024-03-03
Index
Return to Main Contents
NAME
SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
SSL_add_file_cert_subjects_to_stack,
SSL_add_dir_cert_subjects_to_stack,
SSL_add_store_cert_subjects_to_stack
- load certificate names
SYNOPSIS
#include <openssl/ssl.h>
STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
OSSL_LIB_CTX *libctx,
const char *propq);
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *file);
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir);
int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *store);
DESCRIPTION
SSL_load_client_CA_file_ex() reads certificates from file and returns
a STACK_OF(X509_NAME) with the subject names found. The library context libctx
and property query propq are used when fetching algorithms from providers.
SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
but uses NULL for the library context libctx and property query propq.
SSL_add_file_cert_subjects_to_stack() reads certificates from file,
and adds their subject name to the already existing stack.
SSL_add_dir_cert_subjects_to_stack() reads certificates from every
file in the directory dir, and adds their subject name to the
already existing stack.
SSL_add_store_cert_subjects_to_stack() loads certificates from the
store URI, and adds their subject name to the already existing
stack.
NOTES
SSL_load_client_CA_file() reads a file of PEM formatted certificates and
extracts the X509_NAMES of the certificates found. While the name suggests
the specific usage as support function for
SSL_CTX_set_client_CA_list(3),
it is not limited to CA certificates.
RETURN VALUES
The following return values can occur:
- NULL
-
The operation failed, check out the error stack for the reason.
- Pointer to STACK_OF(X509_NAME)
-
Pointer to the subject names of the successfully read certificates.
EXAMPLES
Load names of CAs from file and use it as a client CA list:
SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
SSL_CTX_set_client_CA_list(ctx, cert_names);
else
/* error */
...
SEE ALSO
ssl(7),
ossl_store(7),
SSL_CTX_set_client_CA_list(3)
HISTORY
SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
were added in OpenSSL 3.0.
COPYRIGHT
Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the ``License''). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
<https://www.openssl.org/source/license.html>.
Index
- NAME
-
- SYNOPSIS
-
- DESCRIPTION
-
- NOTES
-
- RETURN VALUES
-
- EXAMPLES
-
- SEE ALSO
-
- HISTORY
-
- COPYRIGHT
-
This document was created by
man2html,
using the manual pages.
Time: 13:45:52 GMT, May 19, 2024