*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->OpenBSD man pages -> SSL_set_client_CA_list (3)              
Title
Content
Arch
Section
 

Contents


SSL_CTX_SET_CLIENT_CA_LIST(3)OpenSSLSSL_CTX_SET_CLIENT_CA_LIST(3)

NAME    [Toc]    [Back]

       SSL_CTX_set_client_CA_list, SSL_set_client_CA_list,
       SSL_CTX_add_client_CA, SSL_add_client_CA - set list of CAs
       sent to the client when requesting a client certificate

SYNOPSIS    [Toc]    [Back]

        #include <openssl/ssl.h>

        void       SSL_CTX_set_client_CA_list(SSL_CTX       *ctx,
STACK_OF(X509_NAME) *list);
        void SSL_set_client_CA_list(SSL  *s,  STACK_OF(X509_NAME)
*list);
        int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
        int SSL_add_client_CA(SSL *ssl, X509 *cacert);

DESCRIPTION    [Toc]    [Back]

       SSL_CTX_set_client_CA_list() sets the list of CAs sent to
       the client when requesting a client certificate for ctx.

       SSL_set_client_CA_list() sets the list of CAs sent to the
       client when requesting a client certificate for the chosen
       ssl, overriding the setting valid for ssl's SSL_CTX
       object.

       SSL_CTX_add_client_CA() adds the CA name extracted from
       cacert to the list of CAs sent to the client when requesting
 a client certificate for ctx.

       SSL_add_client_CA() adds the CA name extracted from cacert
       to the list of CAs sent to the client when requesting a
       client certificate for the chosen ssl, overriding the setting
 valid for ssl's SSL_CTX object.

NOTES    [Toc]    [Back]

       When a TLS/SSL server requests a client certificate (see
       SSL_CTX_set_verify_options()), it sends a list of CAs, for
       which it will accept certificates, to the client.

       This list must explicitly be set using
       SSL_CTX_set_client_CA_list() for ctx and
       SSL_set_client_CA_list() for the specific ssl. The list
       specified overrides the previous setting. The CAs listed
       do not become trusted (list only contains the names, not
       the complete certificates); use
       SSL_CTX_load_verify_locations(3) to additionally load them
       for verification.

       If the list of acceptable CAs is compiled in a file, the
       SSL_load_client_CA_file(3) function can be used to help
       importing the necessary data.

       SSL_CTX_add_client_CA() and SSL_add_client_CA() can be
       used to add additional items the list of client CAs. If no
       list was specified before using
       SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(),
       a new client CA list for ctx or ssl (as appropriate) is
SSL_CTX_SET_CLIENT_CA_LIST(3)OpenSSLSSL_CTX_SET_CLIENT_CA_LIST(3)


       opened.

       These functions are only useful for TLS/SSL servers.

RETURN VALUES    [Toc]    [Back]

       SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list()
       do not return diagnostic information.

       SSL_CTX_add_client_CA() and SSL_add_client_CA() have the
       following return values:

       1   The operation succeeded.

       0   A failure while manipulating the STACK_OF(X509_NAME)
           object occurred or the X509_NAME could not be
           extracted from cacert. Check the error stack to find
           out the reason.

EXAMPLES    [Toc]    [Back]

       Scan all certificates in CAfile and list them as acceptable
 CAs:

         SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));

SEE ALSO    [Toc]    [Back]

      
      
       ssl(3), SSL_get_client_CA_list(3),
       SSL_load_client_CA_file(3),
       SSL_CTX_load_verify_locations(3)


OpenBSD 3.6                 2001-08-01                          2
[ Back ]
 Similar pages
Name OS Title
dhcpv6client_ui HP-UX DHCPv6 client interface for requesting configuration parameters from the DHCPv6 server.
ssh-certenroll Tru64 Certificate enrollment client
ssh-certenroll2 Tru64 Certificate enrollment client
SSL_CTX_get_client_cert_cb Tru64 Handle client certificate callback function
SSL_CTX_set_client_cert_cb NetBSD handle client certificate callback function
SSL_CTX_set_client_cert_cb Tru64 Handle client certificate callback function
SSL_CTX_set_client_cert_cb OpenBSD handle client certificate callback function
SSL_get_client_CA_list Tru64 Get list of client CAs
SSL_CTX_get_client_CA_list OpenBSD get list of client CAs
SSL_get_client_CA_list NetBSD get list of client CAs
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service