1SSL_CTX_SET0_CA_LIST(3)             OpenSSL            SSL_CTX_SET0_CA_LIST(3)
2
3
4

NAME

6       SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list,
7       SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list,
8       SSL_get0_peer_CA_list - get or set CA list
9

SYNOPSIS

11        #include <openssl/ssl.h>
12
13        void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
14        void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
15        const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
16        const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
17        int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
18        int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
19
20        const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
21

DESCRIPTION

23       SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
24       name_list. Ownership of name_list is transferred to ctx and it should
25       not be freed by the caller.
26
27       SSL_set0_CA_list() sets the list of CAs to be sent to the peer to
28       name_list overriding any list set in the parent SSL_CTX of s. Ownership
29       of name_list is transferred to s and it should not be freed by the
30       caller.
31
32       SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
33       ctx.
34
35       SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
36       s or if none are set the list from the parent SSL_CTX is retrieved.
37
38       SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x
39       to the list of CAs sent to peer for ctx.
40
41       SSL_add1_to_CA_list() appends the CA subject name extracted from x to
42       the list of CAs sent to the peer for s, overriding the setting in the
43       parent SSL_CTX.
44
45       SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the
46       peer has sent.
47

NOTES

49       These functions are generalised versions of the client authentication
50       CA list functions such as SSL_CTX_set_client_CA_list(3).
51
52       For TLS versions before 1.3 the list of CA names is only sent from the
53       server to client when requesting a client certificate. So any list of
54       CA names set is never sent from client to server and the list of CA
55       names retrieved by SSL_get0_peer_CA_list() is always NULL.
56
57       For TLS 1.3 the list of CA names is sent using the
58       certificate_authorities extension and will be sent by a client (in the
59       ClientHello message) or by a server (when requesting a certificate).
60

RETURN VALUES

62       SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.
63
64       SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA
65       names or NULL is no CA names are set.
66
67       SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for
68       success and 0 for failure.
69
70       SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or
71       NULL or an empty stack if no list was sent.
72

SEE ALSO

74       ssl(7), SSL_CTX_set_client_CA_list(3), SSL_get_client_CA_list(3),
75       SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)
76
78       Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
79
80       Licensed under the OpenSSL license (the "License").  You may not use
81       this file except in compliance with the License.  You can obtain a copy
82       in the file LICENSE in the source distribution or at
83       <https://www.openssl.org/source/license.html>.
84
85
86
871.1.1                             2018-09-11           SSL_CTX_SET0_CA_LIST(3)
Impressum