doc/man3/SSL_load_client_CA_file.pod

   1 =pod
   2
   3 =head1 NAME
   4
   5 SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
   6 SSL_add_file_cert_subjects_to_stack,
   7 SSL_add_dir_cert_subjects_to_stack,
   8 SSL_add_store_cert_subjects_to_stack
   9 - load certificate names
  10
  11 =head1 SYNOPSIS
  12
  13  #include <openssl/ssl.h>
  14
  15  STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
  16                                                  OSSL_LIB_CTX *libctx,
  17                                                  const char *propq);
  18  STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
  19
  20  int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
  21                                          const char *file);
  22  int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
  23                                         const char *dir);
  24  int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
  25                                           const char *store);
  26
  27 =head1 DESCRIPTION
  28
  29 SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
  30 a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
  31 and property query I<propq> are used when fetching algorithms from providers.
  32
  33 SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
  34 but uses NULL for the library context I<libctx> and property query I<propq>.
  35
  36 SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
  37 and adds their subject name to the already existing I<stack>.
  38
  39 SSL_add_dir_cert_subjects_to_stack() reads certificates from every
  40 file in the directory I<dir>, and adds their subject name to the
  41 already existing I<stack>.
  42
  43 SSL_add_store_cert_subjects_to_stack() loads certificates from the
  44 I<store> URI, and adds their subject name to the already existing
  45 I<stack>.
  46
  47 =head1 NOTES
  48
  49 SSL_load_client_CA_file() reads a file of PEM formatted certificates and
  50 extracts the X509_NAMES of the certificates found. While the name suggests
  51 the specific usage as support function for
  52 L<SSL_CTX_set_client_CA_list(3)>,
  53 it is not limited to CA certificates.
  54
  55 =head1 RETURN VALUES
  56
  57 The following return values can occur for SSL_load_client_CA_file_ex(), and
  58 SSL_load_client_CA_file():
  59
  60 =over 4
  61
  62 =item NULL
  63
  64 The operation failed, check out the error stack for the reason.
  65
  66 =item Pointer to STACK_OF(X509_NAME)
  67
  68 Pointer to the subject names of the successfully read certificates.
  69
  70 =back
  71
  72 The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
  73 SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():
  74
  75 =over 4
  76
  77 =item 0 (Failure)
  78
  79 The operation failed.
  80
  81 =item 1 (Success)
  82
  83 The operation succeeded.
  84
  85 =back
  86
  87 =head1 EXAMPLES
  88
  89 Load names of CAs from file and use it as a client CA list:
  90
  91  SSL_CTX *ctx;
  92  STACK_OF(X509_NAME) *cert_names;
  93
  94  ...
  95  cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
  96  if (cert_names != NULL)
  97      SSL_CTX_set_client_CA_list(ctx, cert_names);
  98  else
  99      /* error */
 100  ...
 101
 102 =head1 SEE ALSO
 103
 104 L<ssl(7)>,
 105 L<ossl_store(7)>,
 106 L<SSL_CTX_set_client_CA_list(3)>
 107
 108 =head1 HISTORY
 109
 110 SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
 111 were added in OpenSSL 3.0.
 112
 113 =head1 COPYRIGHT
 114
 115 Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 116
 117 Licensed under the Apache License 2.0 (the "License").  You may not use
 118 this file except in compliance with the License.  You can obtain a copy
 119 in the file LICENSE in the source distribution or at
 120 L<https://www.openssl.org/source/license.html>.
 121
 122 =cut