1SSL_CTX_SET0_CA_LIST(3) OpenSSL SSL_CTX_SET0_CA_LIST(3)
2
3
4
6 SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list,
7 SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list,
8 SSL_get0_peer_CA_list - get or set CA list
9
11 #include <openssl/ssl.h>
12
13 void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
14 void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
15 const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
16 const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
17 int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
18 int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
19
20 const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
21
23 SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
24 name_list. Ownership of name_list is transferred to ctx and it should
25 not be freed by the caller.
26
27 SSL_set0_CA_list() sets the list of CAs to be sent to the peer to
28 name_list overriding any list set in the parent SSL_CTX of s. Ownership
29 of name_list is transferred to s and it should not be freed by the
30 caller.
31
32 SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
33 ctx.
34
35 SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
36 s or if none are set the list from the parent SSL_CTX is retrieved.
37
38 SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x
39 to the list of CAs sent to peer for ctx.
40
41 SSL_add1_to_CA_list() appends the CA subject name extracted from x to
42 the list of CAs sent to the peer for s, overriding the setting in the
43 parent SSL_CTX.
44
45 SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the
46 peer has sent.
47
49 These functions are generalised versions of the client authentication
50 CA list functions such as SSL_CTX_set_client_CA_list(3).
51
52 For TLS versions before 1.3 the list of CA names is only sent from the
53 server to client when requesting a client certificate. So any list of
54 CA names set is never sent from client to server and the list of CA
55 names retrieved by SSL_get0_peer_CA_list() is always NULL.
56
57 For TLS 1.3 the list of CA names is sent using the
58 certificate_authorities extension and will be sent by a client (in the
59 ClientHello message) or by a server (when requesting a certificate).
60
62 SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.
63
64 SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA
65 names or NULL is no CA names are set.
66
67 SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for
68 success and 0 for failure.
69
70 SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or
71 NULL or an empty stack if no list was sent.
72
74 ssl(7), SSL_CTX_set_client_CA_list(3), SSL_get_client_CA_list(3),
75 SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)
76
78 Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
79
80 Licensed under the OpenSSL license (the "License"). You may not use
81 this file except in compliance with the License. You can obtain a copy
82 in the file LICENSE in the source distribution or at
83 <https://www.openssl.org/source/license.html>.
84
85
86
871.1.1 2018-09-11 SSL_CTX_SET0_CA_LIST(3)