SSL_LOAD_CLIENT_CA_FILE(3) FreeBSD Library Functions Manual SSL_LOAD_CLIENT_CA_FILE(3)

NAME
SSL_load_client_CA_file, SSL_add_file_cert_subjects_to_stack, SSL_add_dir_cert_subjects_to_stack - load certificate names from files

SYNOPSIS
#include <openssl/ssl.h>

STACK_OF(X509_NAME) *
SSL_load_client_CA_file(const char *file);

int
SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *file);

int
SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir);

DESCRIPTION
SSL_load_client_CA_file() reads PEM formatted certificates from file and returns a new STACK_OF(X509_NAME) containing the subject names found. While the name suggests the specific usage as a support function for SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.

SSL_add_file_cert_subjects_to_stack() is similar, except that the names are added to the existing stack.

SSL_add_dir_cert_subjects_to_stack() calls SSL_add_file_cert_subjects_to_stack() on every file in the directory dir.

If a name is already on the stack, all these functions skip it and do not add it again.

RETURN VALUES
SSL_load_client_CA_file() returns a pointer to the new STACK_OF(X509_NAME) or NULL on failure.

SSL_add_file_cert_subjects_to_stack() and SSL_add_dir_cert_subjects_to_stack() return 1 for success or 0 for failure.

All these functions treat empty files and directories as failures.

In some cases of failure, the reason can be determined with ERR_get_error(3).

EXAMPLES
Load names of CAs from a file and use it as a client CA list:

SSL_CTX *ctx;
STACK_OF(X509_NAME) *cert_names;
...
cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
if (cert_names != NULL)
	SSL_CTX_set_client_CA_list(ctx, cert_names);	/* ctx now owns cert_names */
else
	error_handling();	/* NULL: no certificate could be read, or the file was empty */
...

SEE ALSO
PEM_read_bio_X509(3), ssl(3), SSL_CTX_set_client_CA_list(3), X509_get_subject_name(3), X509_NAME_new(3)

HISTORY
SSL_load_client_CA_file() first appeared in SSLeay 0.8.0 and has been available since OpenBSD 2.4.

SSL_add_file_cert_subjects_to_stack() and SSL_add_dir_cert_subjects_to_stack() first appeared in OpenSSL 0.9.2b and have been available since OpenBSD 2.6.

AUTHORS
SSL_add_file_cert_subjects_to_stack() and SSL_add_dir_cert_subjects_to_stack() were written by Ben Laurie <ben@openssl.org> in 1999.

BUGS
In some cases of failure, for example for empty files and directories, these functions fail to report an error, in the sense that ERR_get_error(3) does not work.

Even in case of failure, for example when parsing one of the files or certificates fails, SSL_add_file_cert_subjects_to_stack() and SSL_add_dir_cert_subjects_to_stack() may still have added some certificates to the stack.

The behaviour of SSL_add_dir_cert_subjects_to_stack() is non-deterministic. If parsing one file fails, parsing of the whole directory is aborted. Files in the directory are not parsed in any specific order. For example, adding an empty file to dir may or may not cause some of the other files to be ignored.

June 12, 2019 FreeBSD 14.3-RELEASE
