ossl_store.pod 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. =pod
  2. =head1 NAME
  3. ossl_store - Store retrieval functions
  4. =head1 SYNOPSIS
  5. =for comment generic
  6. #include <openssl/store.h>
  7. =head1 DESCRIPTION
  8. =head2 General
  9. A STORE is a layer of functionality to retrieve a number of supported
  10. objects from a repository of any kind, addressable as a file name or
  11. as a URI.
  12. The functionality supports the pattern "open a channel to the
  13. repository", "loop and retrieve one object at a time", and "finish up
  14. by closing the channel".
  15. The retrieved objects are returned as a wrapper type B<OSSL_STORE_INFO>,
  16. from which an OpenSSL type can be retrieved.
  17. =head2 URI schemes and loaders
  18. Support for a URI scheme is called a STORE "loader", and can be added
  19. dynamically from the calling application or from a loadable engine.
  20. =head2 The 'file' scheme
  21. Support for the 'file' scheme is already built into C<libcrypto>.
  22. Since files come in all kinds of formats and content types, the 'file'
  23. scheme has its own layer of functionality called "file handlers",
  24. which are used to try to decode diverse types of file contents.
  25. In case a file is formatted as PEM, each called file handler receives
  26. the PEM name (everything following any 'C<-----BEGIN >') as well as
  27. possible PEM headers, together with the decoded PEM body. Since PEM
  28. formatted files can contain more than one object, the file handlers
  29. are called upon for each such object.
  30. If the file isn't determined to be formatted as PEM, the content is
  31. loaded in raw form in its entirety and passed to the available file
  32. handlers as is, with no PEM name or headers.
  33. Each file handler is expected to handle PEM and non-PEM content as
  34. appropriate. Some may refuse non-PEM content for the sake of
  35. determinism (for example, there are keys out in the wild that are
  36. represented as an ASN.1 OCTET STRING. In raw form, it's not easily
  37. possible to distinguish those from any other data coming as an ASN.1
  38. OCTET STRING, so such keys would naturally be accepted as PEM files
  39. only).
  40. =head1 EXAMPLES
  41. =head2 A generic call
  42. OSSL_STORE_CTX *ctx = OSSL_STORE_open("file:/foo/bar/data.pem");
  43. /*
  44. * OSSL_STORE_eof() simulates file semantics for any repository to signal
  45. * that no more data can be expected
  46. */
  47. while (!OSSL_STORE_eof(ctx)) {
  48. OSSL_STORE_INFO *info = OSSL_STORE_load(ctx);
  49. /*
  50. * Do whatever is necessary with the OSSL_STORE_INFO,
  51. * here just one example
  52. */
  53. switch (OSSL_STORE_INFO_get_type(info)) {
  54. case OSSL_STORE_INFO_X509:
  55. /* Print the X.509 certificate text */
  56. X509_print_fp(stdout, OSSL_STORE_INFO_get0_CERT(info));
  57. /* Print the X.509 certificate PEM output */
  58. PEM_write_X509(stdout, OSSL_STORE_INFO_get0_CERT(info));
  59. break;
  60. }
  61. }
  62. OSSL_STORE_close(ctx);
  63. =head1 SEE ALSO
  64. L<OSSL_STORE_INFO(3)>, L<OSSL_STORE_LOADER(3)>,
  65. L<OSSL_STORE_open(3)>, L<OSSL_STORE_expect(3)>,
  66. L<OSSL_STORE_SEARCH(3)>
  67. =head1 COPYRIGHT
  68. Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  69. Licensed under the OpenSSL license (the "License"). You may not use
  70. this file except in compliance with the License. You can obtain a copy
  71. in the file LICENSE in the source distribution or at
  72. L<https://www.openssl.org/source/license.html>.
  73. =cut