Home Explore Help
Register Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 1
Files Issues 1 Wiki
Tree: 606e0426a1
Branches Tags
openssl
/
doc
/
man3
/
X509_get_default_cert_file.pod

X509_get_default_cert_file.pod 4.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. X509_get_default_cert_file, X509_get_default_cert_file_env,
    6. 

  6. X509_get_default_cert_path_env,
    7. 

  7. X509_get_default_cert_dir, X509_get_default_cert_dir_env,
    8. 

  8. X509_get_default_cert_uri, X509_get_default_cert_uri_env -
    9. 

  9. retrieve default locations for trusted CA certificates
    10. 

  10. 

  11. =head1 SYNOPSIS
    12. 

  12. 

  13.  #include <openssl/x509.h>
    14. 

  14. 

  15.  const char *X509_get_default_cert_file(void);
    16. 

  16.  const char *X509_get_default_cert_dir(void);
    17. 

  17.  const char *X509_get_default_cert_uri(void);
    18. 

  18. 

  19.  const char *X509_get_default_cert_file_env(void);
    20. 

  20.  const char *X509_get_default_cert_path_env(void);
    21. 

  21.  const char *X509_get_default_cert_dir_env(void);
    22. 

  22.  const char *X509_get_default_cert_uri_env(void);
    23. 

  23. 

  24. =head1 DESCRIPTION
    25. 

  25. 

  26. The X509_get_default_cert_file() function returns the default path
    27. 

  27. to a file containing trusted CA certificates. OpenSSL will use this as
    28. 

  28. the default path when it is asked to load trusted CA certificates
    29. 

  29. from a file and no other path is specified. If the file exists, CA certificates
    30. 

  30. are loaded from the file.
    31. 

  31. 

  32. The X509_get_default_cert_dir() function returns a default delimeter-separated
    33. 

  33. list of paths to a directories containing trusted CA certificates named in the
    34. 

  34. hashed format. OpenSSL will use this as the default list of paths when it is
    35. 

  35. asked to load trusted CA certificates from a directory and no other path is
    36. 

  36. specified. If a given directory in the list exists, OpenSSL attempts to lookup
    37. 

  37. CA certificates in this directory by calculating a filename based on a hash of
    38. 

  38. the certificate's subject name.
    39. 

  39. 

  40. The X509_get_default_cert_uri() function returns the default URI for a
    41. 

  41. certificate store accessed programmatically via an OpenSSL provider. If there is
    42. 

  42. no default store applicable to the system for which OpenSSL was compiled, this
    43. 

  43. returns an empty string.
    44. 

  44. 

  45. X509_get_default_cert_file_env() and X509_get_default_cert_uri_env() return
    46. 

  46. environment variable names which are recommended to specify nondefault values to
    47. 

  47. be used instead of the values returned by X509_get_default_cert_file() and
    48. 

  48. X509_get_default_cert_uri() respectively. The values returned by the latter
    49. 

  49. functions are not affected by these environment variables; you must check for
    50. 

  50. these environment variables yourself, using these functions to retrieve the
    51. 

  51. correct environment variable names. If an environment variable is not set, the
    52. 

  52. value returned by the corresponding function above should be used.
    53. 

  53. 

  54. X509_get_default_cert_path_env() returns the environment variable name which is
    55. 

  55. recommended to specify a nondefault value to be used instead of the value
    56. 

  56. returned by X509_get_default_cert_dir(). This environment variable supercedes
    57. 

  57. the deprecated environment variable whose name is returned by
    58. 

  58. X509_get_default_cert_dir_env(). This environment variable was deprecated as its
    59. 

  59. contents can be interpreted ambiguously; see NOTES.
    60. 

  60. 

  61. By default, OpenSSL uses the path list specified in the environment variable
    62. 

  62. whose name is returned by X509_get_default_cert_path_env() if it is set;
    63. 

  63. otherwise, it uses the path list specified in the environment variable whose
    64. 

  64. name is returned by X509_get_default_cert_dir_env() if it is set; otherwise, it
    65. 

  65. uses the value returned by X509_get_default_cert_dir()).
    66. 

  66. 

  67. =head1 NOTES
    68. 

  68. 

  69. X509_get_default_cert_uri(), X509_get_default_cert_uri_env() and
    70. 

  70. X509_get_default_cert_path_env() were introduced in OpenSSL 3.1. Prior to this
    71. 

  71. release, store URIs were expressed via the environment variable returned by
    72. 

  72. X509_get_default_cert_dir_env(); this environment variable could be used to
    73. 

  73. specify either a list of directories or a store URI. This creates an ambiguity
    74. 

  74. in which the environment variable returned by X509_get_default_cert_dir_env() is
    75. 

  75. interpreted both as a list of directories and as a store URI.
    76. 

  76. 

  77. This usage and the environment variable returned by
    78. 

  78. X509_get_default_cert_dir_env() are now deprecated; to specify a store URI, use
    79. 

  79. the environment variable returned by X509_get_default_cert_uri_env(), and to
    80. 

  80. specify a list of directories, use the environment variable returned by
    81. 

  81. X509_get_default_cert_path_env().
    82. 

  82. 

  83. =head1 RETURN VALUES
    84. 

  84. 

  85. These functions return pointers to constant strings with static storage
    86. 

  86. duration.
    87. 

  87. 

  88. =head1 SEE ALSO
    89. 

  89. 

  90. L<X509_LOOKUP(3)>,
    91. 

  91. L<SSL_CTX_set_default_verify_file(3)>,
    92. 

  92. L<SSL_CTX_set_default_verify_dir(3)>,
    93. 

  93. L<SSL_CTX_set_default_verify_store(3)>,
    94. 

  94. L<SSL_CTX_load_verify_file(3)>,
    95. 

  95. L<SSL_CTX_load_verify_dir(3)>,
    96. 

  96. L<SSL_CTX_load_verify_store(3)>,
    97. 

  97. L<SSL_CTX_load_verify_locations(3)>
    98. 

  98. 

  99. =head1 HISTORY
    100. 

  100. 

  101. X509_get_default_cert_uri(), X509_get_default_cert_path_env() and
    102. 

  102. X509_get_default_cert_uri_env() were introduced in OpenSSL 3.1.
    103. 

  103. 

  104. =head1 COPYRIGHT
    105. 

  105. 

  106. Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
    107. 

  107. 

  108. Licensed under the Apache License 2.0 (the "License").  You may not use
    109. 

  109. this file except in compliance with the License.  You can obtain a copy
    110. 

  110. in the file LICENSE in the source distribution or at
    111. 

  111. L<https://www.openssl.org/source/license.html>.
    112. 

  112. 

  113. =cut
    114.