opensolaris man page for ssl_ctx_set_client_ca_list

Opensolaris Man Pages All Man Pages Latest Topics Forum Categories

Query: ssl_ctx_set_client_ca_list

OS: opensolaris

Section: 3openssl

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

SSL_CTX_set_client_CA_list(3openssl)				      OpenSSL				      SSL_CTX_set_client_CA_list(3openssl)


NAME

       SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA - set list of CAs sent to the client when
       requesting a client certificate


SYNOPSIS

	#include <openssl/ssl.h>

	void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
	void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
	int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
	int SSL_add_client_CA(SSL *ssl, X509 *cacert);


DESCRIPTION

       SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for ctx.

       SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the
       setting valid for ssl's SSL_CTX object.

       SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate
       for ctx.

       SSL_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for
       the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.


NOTES

       When a TLS/SSL server requests a client certificate (see SSL_CTX_set_verify_options()), it sends a list of CAs, for which it will accept
       certificates, to the client.

       This list must explicitly be set using SSL_CTX_set_client_CA_list() for ctx and SSL_set_client_CA_list() for the specific ssl. The list
       specified overrides the previous setting. The CAs listed do not become trusted (list only contains the names, not the complete certifi-
       cates); use SSL_CTX_load_verify_locations(3) to additionally load them for verification.

       If the list of acceptable CAs is compiled in a file, the SSL_load_client_CA_file(3) function can be used to help importing the necessary
       data.

       SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional items the list of client CAs. If no list was specified before
       using SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client CA list for ctx or ssl (as appropriate) is opened.

       These functions are only useful for TLS/SSL servers.


RETURN VALUES

       SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return diagnostic information.

       SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return values:

       1   The operation succeeded.

       0   A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from cacert. Check the
	   error stack to find out the reason.


EXAMPLES

       Scan all certificates in CAfile and list them as acceptable CAs:

	 SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));


SEE ALSO

       ssl(3), SSL_get_client_CA_list(3), SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)

OpenSSL-0.9.8							    Oct 11 2005 			      SSL_CTX_set_client_CA_list(3openssl)
Related Man Pages
ssl_add_client_ca(3) - redhat
ssl_ctx_add_client_ca(3ssl) - linux
ssl_ctx_set_client_ca_list(3) - opendarwin
ssl_set_client_ca_list(3) - centos
ssl_add_client_ca(3openssl) - opensolaris
Similar Topics in the Unix Linux Community
PHP Man Pages Now Available (Over 10,000)
Change directory for core file
Free Sun Blade 2k, Ultra 2, Ross Hyperstation 30, cards, memory- Baltimore, MD
What's legal and what's not?
Shopt -s histappend