Эхлэл Бүгдийг харах Тусламж
Нэвтрэх
OWEALs
/
openssl
-ын хуулбар git://git.openssl.org/openssl.git
2
0
Салаа 0
Файлууд Асуудлууд 1 Мэдлэгийн сан
Мод: 953a1665e2
Салаанууд Тагууд
openssl
/
doc
/
ssl
/
SSL_CTX_set_cert_cb.pod

SSL_CTX_set_cert_cb.pod 2.7 KB
Түүх Анхны өгөгдөл

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_CTX_set_cert_cb, SSL_set_cert_cb - handle certificate callback function
    6. 

  6. 

  7. =head1 SYNOPSIS
    8. 

  8. 

  9.  #include <openssl/ssl.h>
    10. 

  10. 

  11.  void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
    12. 

  12.  void SSL_set_cert_cb(SSL *s, int (*cert_cb)(SSL *ssl, void *arg), void *arg);
    13. 

  13. 

  14.  int (*cert_cb)(SSL *ssl, void *arg);
    15. 

  15. 

  16. =head1 DESCRIPTION
    17. 

  17. 

  18. SSL_CTX_set_cert_cb() and SSL_set_cert_cb() sets the B<cert_cb()> callback,
    19. 

  19. B<arg> value is pointer which is passed to the application callback.
    20. 

  20. 

  21. When B<cert_cb()> is NULL, no callback function is used.
    22. 

  22. 

  23. cert_cb() is the application defined callback. It is called before a
    24. 

  24. certificate will be used by a client or server. The callback can then inspect
    25. 

  25. the passed B<ssl> structure and set or clear any appropriate certificates. If
    26. 

  26. the callback is successful it B<MUST> return 1 even if no certificates have
    27. 

  27. been set. A zero is returned on error which will abort the handshake with a
    28. 

  28. fatal internal error alert. A negative return value will suspend the handshake
    29. 

  29. and the handshake function will return immediately.
    30. 

  30. L<SSL_get_error(3)|SSL_get_error(3)> will return SSL_ERROR_WANT_X509_LOOKUP to
    31. 

  31. indicate, that the handshake was suspended. The next call to the handshake
    32. 

  32. function will again lead to the call of cert_cb(). It is the job of the
    33. 

  33. cert_cb() to store information about the state of the last call,
    34. 

  34. if required to continue.
    35. 

  35. 

  36. =head1 NOTES
    37. 

  37. 

  38. An application will typically call SSL_use_certificate() and
    39. 

  39. SSL_use_PrivateKey() to set the end entity certificate and private key.
    40. 

  40. It can add intermediate and optionally the root CA certificates using
    41. 

  41. SSL_add1_chain_cert().
    42. 

  42. 

  43. It might also call SSL_certs_clear() to delete any certificates associated
    44. 

  44. with the B<SSL> object.
    45. 

  45. 

  46. The certificate callback functionality supercedes the (largely broken)
    47. 

  47. functionality provided by the old client certificate callback interface.
    48. 

  48. It is B<always> called even is a certificate is already set so the callback
    49. 

  49. can modify or delete the existing certificate.
    50. 

  50. 

  51. A more advanced callback might examine the handshake parameters and set
    52. 

  52. whatever chain is appropriate. For example a legacy client supporting only
    53. 

  53. TLS v1.0 might receive a certificate chain signed using SHA1 whereas a
    54. 

  54. TLS v1.2 client which advertises support for SHA256 could receive a chain
    55. 

  55. using SHA256.
    56. 

  56. 

  57. Normal server sanity checks are performed on any certificates set
    58. 

  58. by the callback. So if an EC chain is set for a curve the client does not
    59. 

  59. support it will B<not> be used.
    60. 

  60. 

  61. =head1 SEE ALSO
    62. 

  62. 

  63. L<ssl(3)|ssl(3)>, L<SSL_use_certificate(3)|SSL_use_certificate(3)>,
    64. 

  64. L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>,
    65. 

  65. L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
    66. 

  66. L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
    67. 

  67. 

  68. =cut
    69.