1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5b077aed3SPierre ProncherySSL_load_client_CA_file_ex, SSL_load_client_CA_file, 617f01e99SJung-uk KimSSL_add_file_cert_subjects_to_stack, 7b077aed3SPierre ProncherySSL_add_dir_cert_subjects_to_stack, 8b077aed3SPierre ProncherySSL_add_store_cert_subjects_to_stack 917f01e99SJung-uk Kim- load certificate names 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim=head1 SYNOPSIS 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim #include <openssl/ssl.h> 14e71b7053SJung-uk Kim 15b077aed3SPierre Pronchery STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file, 16b077aed3SPierre Pronchery OSSL_LIB_CTX *libctx, 17b077aed3SPierre Pronchery const char *propq); 18e71b7053SJung-uk Kim STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); 19e71b7053SJung-uk Kim 2017f01e99SJung-uk Kim int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 21b077aed3SPierre Pronchery const char *file); 2217f01e99SJung-uk Kim int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 23b077aed3SPierre Pronchery const char *dir); 24b077aed3SPierre Pronchery int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, 25b077aed3SPierre Pronchery const char *store); 2617f01e99SJung-uk Kim 27e71b7053SJung-uk Kim=head1 DESCRIPTION 28e71b7053SJung-uk Kim 29b077aed3SPierre ProncherySSL_load_client_CA_file_ex() reads certificates from I<file> and returns 30b077aed3SPierre Proncherya STACK_OF(X509_NAME) with the subject names found. The library context I<libctx> 31b077aed3SPierre Proncheryand property query I<propq> are used when fetching algorithms from providers. 32b077aed3SPierre Pronchery 33b077aed3SPierre ProncherySSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex() 34b077aed3SPierre Proncherybut uses NULL for the library context I<libctx> and property query I<propq>. 35e71b7053SJung-uk Kim 3617f01e99SJung-uk KimSSL_add_file_cert_subjects_to_stack() reads certificates from I<file>, 3717f01e99SJung-uk Kimand adds their subject name to the already existing I<stack>. 3817f01e99SJung-uk Kim 3917f01e99SJung-uk KimSSL_add_dir_cert_subjects_to_stack() reads certificates from every 4017f01e99SJung-uk Kimfile in the directory I<dir>, and adds their subject name to the 4117f01e99SJung-uk Kimalready existing I<stack>. 4217f01e99SJung-uk Kim 43b077aed3SPierre ProncherySSL_add_store_cert_subjects_to_stack() loads certificates from the 44b077aed3SPierre ProncheryI<store> URI, and adds their subject name to the already existing 45b077aed3SPierre ProncheryI<stack>. 46b077aed3SPierre Pronchery 47e71b7053SJung-uk Kim=head1 NOTES 48e71b7053SJung-uk Kim 49e71b7053SJung-uk KimSSL_load_client_CA_file() reads a file of PEM formatted certificates and 50e71b7053SJung-uk Kimextracts the X509_NAMES of the certificates found. While the name suggests 51e71b7053SJung-uk Kimthe specific usage as support function for 52e71b7053SJung-uk KimL<SSL_CTX_set_client_CA_list(3)>, 53e71b7053SJung-uk Kimit is not limited to CA certificates. 54e71b7053SJung-uk Kim 55e71b7053SJung-uk Kim=head1 RETURN VALUES 56e71b7053SJung-uk Kim 57*44096ebdSEnji CooperThe following return values can occur for SSL_load_client_CA_file_ex(), and 58*44096ebdSEnji CooperSSL_load_client_CA_file(): 59e71b7053SJung-uk Kim 60e71b7053SJung-uk Kim=over 4 61e71b7053SJung-uk Kim 62e71b7053SJung-uk Kim=item NULL 63e71b7053SJung-uk Kim 64e71b7053SJung-uk KimThe operation failed, check out the error stack for the reason. 65e71b7053SJung-uk Kim 66e71b7053SJung-uk Kim=item Pointer to STACK_OF(X509_NAME) 67e71b7053SJung-uk Kim 68e71b7053SJung-uk KimPointer to the subject names of the successfully read certificates. 69e71b7053SJung-uk Kim 70e71b7053SJung-uk Kim=back 71e71b7053SJung-uk Kim 72*44096ebdSEnji CooperThe following return values can occur for SSL_add_file_cert_subjects_to_stack(), 73*44096ebdSEnji CooperSSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack(): 74*44096ebdSEnji Cooper 75*44096ebdSEnji Cooper=over 4 76*44096ebdSEnji Cooper 77*44096ebdSEnji Cooper=item 0 (Failure) 78*44096ebdSEnji Cooper 79*44096ebdSEnji CooperThe operation failed. 80*44096ebdSEnji Cooper 81*44096ebdSEnji Cooper=item 1 (Success) 82*44096ebdSEnji Cooper 83*44096ebdSEnji CooperThe operation succeeded. 84*44096ebdSEnji Cooper 85*44096ebdSEnji Cooper=back 86*44096ebdSEnji Cooper 87610a21fdSJung-uk Kim=head1 EXAMPLES 88610a21fdSJung-uk Kim 89610a21fdSJung-uk KimLoad names of CAs from file and use it as a client CA list: 90610a21fdSJung-uk Kim 91610a21fdSJung-uk Kim SSL_CTX *ctx; 92610a21fdSJung-uk Kim STACK_OF(X509_NAME) *cert_names; 93610a21fdSJung-uk Kim 94610a21fdSJung-uk Kim ... 95610a21fdSJung-uk Kim cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); 96610a21fdSJung-uk Kim if (cert_names != NULL) 97610a21fdSJung-uk Kim SSL_CTX_set_client_CA_list(ctx, cert_names); 98610a21fdSJung-uk Kim else 99610a21fdSJung-uk Kim /* error */ 100610a21fdSJung-uk Kim ... 101610a21fdSJung-uk Kim 102e71b7053SJung-uk Kim=head1 SEE ALSO 103e71b7053SJung-uk Kim 104e71b7053SJung-uk KimL<ssl(7)>, 105b077aed3SPierre ProncheryL<ossl_store(7)>, 106e71b7053SJung-uk KimL<SSL_CTX_set_client_CA_list(3)> 107e71b7053SJung-uk Kim 108b077aed3SPierre Pronchery=head1 HISTORY 109b077aed3SPierre Pronchery 110b077aed3SPierre ProncherySSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack() 111b077aed3SPierre Proncherywere added in OpenSSL 3.0. 112b077aed3SPierre Pronchery 113e71b7053SJung-uk Kim=head1 COPYRIGHT 114e71b7053SJung-uk Kim 115*44096ebdSEnji CooperCopyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. 116e71b7053SJung-uk Kim 117b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 118e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 119e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 120e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 121e71b7053SJung-uk Kim 122e71b7053SJung-uk Kim=cut 123