*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->Tru64 Unix man pages -> SSL_CTX_use_certificate (3)              
Title
Content
Arch
Section
 

SSL_CTX_use_certificate(3)

Contents


NAME    [Toc]    [Back]

       SSL_CTX_use_certificate,     SSL_CTX_use_certificate_ASN1,
       SSL_CTX_use_certificate_file,         SSL_use_certificate,
       SSL_use_certificate_ASN1,        SSL_use_certificate_file,
       SSL_CTX_use_certificate_chain_file,       SSL_CTX_use_PrivateKey,
   SSL_CTX_use_PrivateKey_ASN1,   SSL_CTX_use_PrivateKey_file,
                   SSL_CTX_use_RSAPrivateKey,
       SSL_CTX_use_RSAPrivateKey_ASN1,        SSL_CTX_use_RSAPrivateKey_file,
    SSL_use_PrivateKey_file,     SSL_use_PrivateKey_ASN1,
  SSL_use_PrivateKey,  SSL_use_RSAPrivateKey,
       SSL_use_RSAPrivateKey_ASN1,    SSL_use_RSAPrivateKey_file,
       SSL_CTX_check_private_key - Load certificate and key data

SYNOPSIS    [Toc]    [Back]

       #include <openssl/ssl.h>

       int SSL_CTX_use_certificate(
               SSL_CTX  *ctx, X509 *x ); int SSL_CTX_use_certificate_ASN1(

               SSL_CTX *ctx, int len, unsigned  char  *d  );  int
       SSL_CTX_use_certificate_file(
               SSL_CTX  *ctx,  const  char *file, int type ); int
       SSL_use_certificate(
               SSL *ssl, X509 *x ); int SSL_use_certificate_ASN1(
               SSL  *ssl,  unsigned  char  *d,  int  len  );  int
       SSL_use_certificate_file(
               SSL *ssl,  const  char  *file,  int  type  );  int
       SSL_CTX_use_certificate_chain_file(
               SSL_CTX    *ctx,   const   char   *file   );   int
       SSL_CTX_use_PrivateKey(
               SSL_CTX    *ctx,    EVP_PKEY    *pkey    );    int
       SSL_CTX_use_PrivateKey_ASN1(
               int  pk,  SSL_CTX *ctx, unsigned char *d, long len
       ); int SSL_CTX_use_PrivateKey_file(
               SSL_CTX *ctx, const char *file, int  type  );  int
       SSL_CTX_use_RSAPrivateKey(
               SSL_CTX  *ctx, RSA *rsa ); int SSL_CTX_use_RSAPrivateKey_ASN1(

               SSL_CTX *ctx, unsigned char *d, long  len  );  int
       SSL_CTX_use_RSAPrivateKey_file(
               SSL_CTX  *ctx,  const  char *file, int type ); int
       SSL_use_PrivateKey(
               SSL  *ssl,  EVP_PKEY  *pkey  );  int  SSL_use_PrivateKey_ASN1(

               int pk,SSL *ssl, unsigned char *d, long len ); int
       SSL_use_PrivateKey_file(
               SSL *ssl,  const  char  *file,  int  type  );  int
       SSL_use_RSAPrivateKey(
               SSL   *ssl,   RSA   *rsa  );  int  SSL_use_RSAPrivateKey_ASN1(

               SSL *ssl,  unsigned  char  *d,  long  len  );  int
       SSL_use_RSAPrivateKey_file(
               SSL  *ssl,  const  char  *file,  int  type  ); int
       SSL_CTX_check_private_key(
               SSL_CTX *ctx );







DESCRIPTION    [Toc]    [Back]

       These functions load the  certificates  and  private  keys
       into the SSL_CTX or SSL object, respectively.

       The  SSL_CTX_*  class  of functions loads the certificates
       and keys into the SSL_CTX object ctx. The  information  is
       passed  to  SSL  objects  ssl  created  from  ctx with the
       SSL_new() function by copying, so that changes applied  to
       ctx do not propagate to already existing SSL objects.

       The  SSL_*  class of functions only loads certificates and
       keys into a specific SSL object. The specific  information
       is kept when SSL_clear() is called for this SSL object.

       The  SSL_CTX_use_certificate() function loads the certificate
 x into ctx, and  the  SSL_use_certificate()  function
       loads  x  into ssl. The rest of the certificates needed to
       form the complete certificate chain can be specified using
       the SSL_CTX_add_extra_chain_cert() function.

       The SSL_CTX_use_certificate_ASN1() function loads the ASN1
       encoded certificate  from  the  memory  location  d  (with
       length len) into ctx. The SSL_use_certificate_ASN1() function
 loads the ASN1 encoded certificate into ssl.

       The  SSL_CTX_use_certificate_file()  function  loads   the
       first  certificate stored in file into ctx. The formatting
       type of the certificate must be specified from  the  known
       types     SSL_FILETYPE_PEM,     SSL_FILETYPE_ASN1.     The
       SSL_use_certificate_file() function loads the  certificate
       from file into ssl.

       The  SSL_CTX_use_certificate_chain_file() function loads a
       certificate chain from file  into  ctx.  The  certificates
       must be in PEM format and must be sorted starting with the
       certificate to the highest level (root CA).  There  is  no
       corresponding function working on a single SSL object.

       The SSL_CTX_use_PrivateKey() function adds pkey as private
       key to ctx. The SSL_CTX_use_RSAPrivateKey() function  adds
       the  private  key rsa of type RSA to ctx. The SSL_use_PrivateKey()
 function adds pkey as private key  to  ssl.  The
       SSL_use_RSAPrivateKey()  function  adds rsa as private key
       of type RSA to ssl.

       The SSL_CTX_use_PrivateKey_ASN1() function adds  the  private
  key  of  type pk stored at memory location d (length
       len) to ctx. The SSL_CTX_use_RSAPrivateKey_ASN1() function
       adds the private key of type RSA stored at memory location
       d (length len) to ctx. The  SSL_use_PrivateKey_ASN1()  and
       SSL_use_RSAPrivateKey_ASN1() functions add the private key
       to ssl.

       The SSL_CTX_use_PrivateKey_file() function adds the  first
       private  key found in file to ctx.  The formatting type of
       the certificate must be specified  from  the  known  types
       SSL_FILETYPE_PEM,          SSL_FILETYPE_ASN1.          The
       SSL_CTX_use_RSAPrivateKey_file() function adds  the  first
       private  RSA  key  found in file to ctx.  The SSL_use_PrivateKey_file()
 function adds the first private  key  found
       in  file to ssl. The SSL_use_RSAPrivateKey_file() function
       adds the first private RSA key found to ssl.

       The SSL_CTX_check_private_key() funciton checks  the  consistency
   of   a   private  key  with  the  corresponding
       certificate loaded into ctx. If more than one key/certificate
  pair (RSA/DSA) is installed, the last item installed
       will be checked. If, for example, the last item was an RSA
       certificate  or  key, the RSA key/certificate pair will be
       checked. TheSSL_check_private_key() function performs  the
       same  check  for  ssl. If no key/certificate was added for
       this ssl, the last item added into ctx will be checked.

                                  Note

       The internal certificate store of  OpenSSL  can  hold  two
       private  key/certificate pairs at a time: one key/certificate
 of type RSA and one key/certificate of type DSA.  The
       certificate   used  depends  on  the  cipher  select.  See
       SSL_CTX_set_cipher_list(3).

       When reading certificates  and  private  keys  from  file,
       files of type SSL_FILETYPE_ASN1 (also known as DER, binary
       encoding) can only contain one certificate or private key.
       Consequently,    the  SSL_CTX_use_certificate_chain_file()
       function is only applicable to PEM  formatting.  Files  of
       type SSL_FILETYPE_PEM can contain more than one item.

       The SSL_CTX_use_certificate_chain_file() function adds the
       first certificate found in the  file  to  the  certificate
       store.  The  other  certificates are added to the store of
       chain           certificates           using           the
       SSL_CTX_add_extra_chain_cert() function. There exists only
       one extra chain store, so that the same chain is  appended
       to  both  types of certificates, RSA and DSA. If it is not
       intended to use both types  of  certificate  at  the  same
       time,    you    should    use   the   SSL_CTX_use_certificate_chain_file()
 function instead of the SSL_CTX_use_certificate_file()
  function. This allows the use of complete
       certificate chains even when no trusted CA storage is used
       or  when the CA issuing the certificate shall not be added
       to the trusted CA storage.

       If additional certificates  are  needed  to  complete  the
       chain  during  the  TLS  negotiation,  CA certificates are
       additionally looked up in the locations of trusted CA certificates.
 See SSL_CTX_load_verify_locations(3).

       The  private  keys  loaded  from file can be encrypted. In
       order to successfully  load  encrypted  keys,  a  function
       returning  the  passphrase  must have been supplied,.  See
       SSL_CTX_set_default_passwd_cb(3). (Certificate files  also
       might  be  encrypted from the technical point of view, but
       it is unnecessary because the data in the  certificate  is
       considered public.)

RETURN VALUES    [Toc]    [Back]

       On  success,  the functions return 1. Otherwise, check the
       error stack to find the reason.

SEE ALSO    [Toc]    [Back]

      
      
       Functions:     ssl(3),      SSL_new(3),      SSL_clear(3),
       SSL_check_private_key(3),        SSL_CTX_load_verify_locations(3),                SSL_CTX_set_default_passwd_cb(3),
       SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_cert_cb(3),
       SSL_CTX_add_extra_chain_cert(3)



                                       SSL_CTX_use_certificate(3)
[ Back ]
 Similar pages
Name OS Title
SSL_load_client_CA_file NetBSD load certificate names from file
SSL_load_client_CA_file OpenBSD load certificate names from file
SSL_load_client_CA_file Tru64 Load certificate names from file
DtDtsLoadDataTypes HP-UX load and initialize the data types database
DtEditorSetContentsFromFile HP-UX load data from a file into a DtEditor widget
DtDbLoad HP-UX load actions and data types database
CL_CertGroupToSignedBundle Tru64 Convert a certificate group to a certificate bundle (CDSA)
CSSM_CL_CertGroupToSignedBundle Tru64 Convert a certificate group to a certificate bundle (CDSA)
CSSM_TP_CertRevoke Tru64 Determine if the revoking certificate group can revoke the subject certificate group (CDSA)
TP_CertRevoke Tru64 Determine if the revoking certificate group can revoke the subject certificate group (CDSA)
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service