OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
							=pod

=head1 NAME

SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
SSL_add_file_cert_subjects_to_stack,
SSL_add_dir_cert_subjects_to_stack,
SSL_add_store_cert_subjects_to_stack
- load certificate names

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
                                                 OSSL_LIB_CTX *libctx,
                                                 const char *propq);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file);
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir);
 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                          const char *store);

=head1 DESCRIPTION

SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
and property query <propq> are used when fetching algorithms from providers.

SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
but uses NULL for the library context I<libctx> and property query <propq>.

SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
and adds their subject name to the already existing I<stack>.

SSL_add_dir_cert_subjects_to_stack() reads certificates from every
file in the directory I<dir>, and adds their subject name to the
already existing I<stack>.

SSL_add_store_cert_subjects_to_stack() loads certificates from the
I<store> URI, and adds their subject name to the already existing
I<stack>.

=head1 NOTES

SSL_load_client_CA_file() reads a file of PEM formatted certificates and
extracts the X509_NAMES of the certificates found. While the name suggests
the specific usage as support function for
L<SSL_CTX_set_client_CA_list(3)>,
it is not limited to CA certificates.

=head1 RETURN VALUES

The following return values can occur:

=over 4

=item NULL

The operation failed, check out the error stack for the reason.

=item Pointer to STACK_OF(X509_NAME)

Pointer to the subject names of the successfully read certificates.

=back

=head1 EXAMPLES

Load names of CAs from file and use it as a client CA list:

 SSL_CTX *ctx;
 STACK_OF(X509_NAME) *cert_names;

 ...
 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
 if (cert_names != NULL)
     SSL_CTX_set_client_CA_list(ctx, cert_names);
 else
     /* error */
 ...

=head1 SEE ALSO

L<ssl(7)>,
L<ossl_store(7)>,
L<SSL_CTX_set_client_CA_list(3)>

=head1 HISTORY

SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
were added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut