1NE_SSL_CLIENT_CERT(3) neon API reference NE_SSL_CLIENT_CERT(3)
2
3
4
6 ne_ssl_clicert_read, ne_ssl_clicert_name, ne_ssl_clicert_encrypted,
7 ne_ssl_clicert_decrypt, ne_ssl_clicert_owner, ne_ssl_clicert_free - SSL
8 client certificate handling
9
11 #include <ne_ssl.h>
12
13 ne_ssl_client_cert *ne_ssl_clicert_read(const char *filename);
14
15 const char *ne_ssl_clicert_name(const ne_ssl_client_cert *ccert);
16
17 int ne_ssl_clicert_encrypted(const ne_ssl_client_cert *ccert);
18
19 int ne_ssl_clicert_decrypt(ne_ssl_client_cert *ccert,
20 const char *password);
21
22 const ne_ssl_certificate
23 *ne_ssl_clicert_owner(const ne_ssl_client_cert *ccert);
24
25 void ne_ssl_clicert_free(ne_ssl_client_cert *ccert);
26
28 The ne_ssl_clicert_read function reads a client certificate from a
29 PKCS#12-formatted file, and returns an ne_ssl_client_cert object. If
30 the client certificate is encrypted, it must be decrypted before it is
31 used. An ne_ssl_client_cert object holds a client certificate and the
32 associated private key, not just a certificate; the term "client
33 certificate" will used to refer to this pair.
34
35 A client certificate can be in one of two states: encrypted or
36 decrypted. The ne_ssl_clicert_encrypted function will return non-zero
37 if the client certificate is in the encrypted state. A client
38 certificate object returned by ne_ssl_clicert_read may be initially in
39 either state, depending on whether the file was encrypted or not.
40
41 ne_ssl_clicert_decrypt can be used to decrypt a client certificate
42 using the appropriate password. This function must only be called if
43 the object is in the encrypted state; if decryption fails, the
44 certificate state does not change, so decryption can be attempted more
45 than once using different passwords.
46
47 A client certificate can be given a "friendly name" when it is created;
48 ne_ssl_clicert_name will return this name (or NULL if no friendly name
49 was specified). ne_ssl_clicert_name can be used when the client
50 certificate is in either the encrypted or decrypted state, and will
51 return the same string for the lifetime of the object.
52
53 The function ne_ssl_clicert_owner returns the certificate part of the
54 client certificate; it must only be called if the client certificate is
55 in the decrypted state.
56
57 When the client certificate is no longer needed, the
58 ne_ssl_clicert_free function should be used to destroy the object.
59
61 ne_ssl_clicert_read returns a client certificate object, or NULL if the
62 file could not be read. ne_ssl_clicert_encrypted returns zero if the
63 object is in the decrypted state, or non-zero if it is in the encrypted
64 state. ne_ssl_clicert_name returns a NUL-terminated friendly name
65 string, or NULL. ne_ssl_clicert_owner returns a certificate object.
66
68 The following code reads a client certificate and decrypts it if
69 necessary, then loads it into an HTTP session.
70
71 ne_ssl_client_cert *ccert;
72
73 ccert = ne_ssl_clicert_read("/path/to/client.p12");
74
75 if (ccert == NULL) {
76 /* handle error... */
77 } else if (ne_ssl_clicert_encrypted(ccert)) {
78 char *password = prompt_for_password();
79
80 if (ne_ssl_clicert_decrypt(ccert, password)) {
81 /* could not decrypt! handle error... */
82 }
83 }
84
85 ne_ssl_set_clicert(sess, ccert);
86
88 ne_ssl_cert_read
89
91 Joe Orton <neon@lists.manyfish.co.uk>
92 Author.
93
95neon 0.31.2 20 June 2020 NE_SSL_CLIENT_CERT(3)