1SSL_LOAD_CLIENT_CA_FILE(3ossl)      OpenSSL     SSL_LOAD_CLIENT_CA_FILE(3ossl)
2
3
4

NAME

6       SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
7       SSL_add_file_cert_subjects_to_stack,
8       SSL_add_dir_cert_subjects_to_stack,
9       SSL_add_store_cert_subjects_to_stack - load certificate names
10

SYNOPSIS

12        #include <openssl/ssl.h>
13
14        STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
15                                                        OSSL_LIB_CTX *libctx,
16                                                        const char *propq);
17        STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
18
19        int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
20                                                const char *file);
21        int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
22                                               const char *dir);
23        int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
24                                                 const char *store);
25

DESCRIPTION

27       SSL_load_client_CA_file_ex() reads certificates from file and returns a
28       STACK_OF(X509_NAME) with the subject names found. The library context
29       libctx and property query propq are used when fetching algorithms from
30       providers.
31
32       SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
33       but uses NULL for the library context libctx and property query propq.
34
35       SSL_add_file_cert_subjects_to_stack() reads certificates from file, and
36       adds their subject name to the already existing stack.
37
38       SSL_add_dir_cert_subjects_to_stack() reads certificates from every file
39       in the directory dir, and adds their subject name to the already
40       existing stack.
41
42       SSL_add_store_cert_subjects_to_stack() loads certificates from the
43       store URI, and adds their subject name to the already existing stack.
44

NOTES

46       SSL_load_client_CA_file() reads a file of PEM formatted certificates
47       and extracts the X509_NAMES of the certificates found. While the name
48       suggests the specific usage as support function for
49       SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.
50

RETURN VALUES

52       The following return values can occur:
53
54       NULL
55           The operation failed, check out the error stack for the reason.
56
57       Pointer to STACK_OF(X509_NAME)
58           Pointer to the subject names of the successfully read certificates.
59

EXAMPLES

61       Load names of CAs from file and use it as a client CA list:
62
63        SSL_CTX *ctx;
64        STACK_OF(X509_NAME) *cert_names;
65
66        ...
67        cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
68        if (cert_names != NULL)
69            SSL_CTX_set_client_CA_list(ctx, cert_names);
70        else
71            /* error */
72        ...
73

SEE ALSO

75       ssl(7), ossl_store(7), SSL_CTX_set_client_CA_list(3)
76

HISTORY

78       SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
79       were added in OpenSSL 3.0.
80
82       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
83
84       Licensed under the Apache License 2.0 (the "License").  You may not use
85       this file except in compliance with the License.  You can obtain a copy
86       in the file LICENSE in the source distribution or at
87       <https://www.openssl.org/source/license.html>.
88
89
90
913.0.5                             2022-07-05    SSL_LOAD_CLIENT_CA_FILE(3ossl)
Impressum