xref: /freebsd/crypto/openssl/doc/man3/SSL_load_client_CA_file.pod (revision fe75646a0234a261c0013bf1840fdac4acaf0cec)
1=pod
2
3=head1 NAME
4
5SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
6SSL_add_file_cert_subjects_to_stack,
7SSL_add_dir_cert_subjects_to_stack,
8SSL_add_store_cert_subjects_to_stack
9- load certificate names
10
11=head1 SYNOPSIS
12
13 #include <openssl/ssl.h>
14
15 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
16                                                 OSSL_LIB_CTX *libctx,
17                                                 const char *propq);
18 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
19
20 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
21                                         const char *file);
22 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
23                                        const char *dir);
24 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
25                                          const char *store);
26
27=head1 DESCRIPTION
28
29SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
30a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
31and property query I<propq> are used when fetching algorithms from providers.
32
33SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
34but uses NULL for the library context I<libctx> and property query I<propq>.
35
36SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
37and adds their subject name to the already existing I<stack>.
38
39SSL_add_dir_cert_subjects_to_stack() reads certificates from every
40file in the directory I<dir>, and adds their subject name to the
41already existing I<stack>.
42
43SSL_add_store_cert_subjects_to_stack() loads certificates from the
44I<store> URI, and adds their subject name to the already existing
45I<stack>.
46
47=head1 NOTES
48
49SSL_load_client_CA_file() reads a file of PEM formatted certificates and
50extracts the X509_NAMES of the certificates found. While the name suggests
51the specific usage as support function for
52L<SSL_CTX_set_client_CA_list(3)>,
53it is not limited to CA certificates.
54
55=head1 RETURN VALUES
56
57The following return values can occur:
58
59=over 4
60
61=item NULL
62
63The operation failed, check out the error stack for the reason.
64
65=item Pointer to STACK_OF(X509_NAME)
66
67Pointer to the subject names of the successfully read certificates.
68
69=back
70
71=head1 EXAMPLES
72
73Load names of CAs from file and use it as a client CA list:
74
75 SSL_CTX *ctx;
76 STACK_OF(X509_NAME) *cert_names;
77
78 ...
79 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
80 if (cert_names != NULL)
81     SSL_CTX_set_client_CA_list(ctx, cert_names);
82 else
83     /* error */
84 ...
85
86=head1 SEE ALSO
87
88L<ssl(7)>,
89L<ossl_store(7)>,
90L<SSL_CTX_set_client_CA_list(3)>
91
92=head1 HISTORY
93
94SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
95were added in OpenSSL 3.0.
96
97=head1 COPYRIGHT
98
99Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
100
101Licensed under the Apache License 2.0 (the "License").  You may not use
102this file except in compliance with the License.  You can obtain a copy
103in the file LICENSE in the source distribution or at
104L<https://www.openssl.org/source/license.html>.
105
106=cut
107