|
|
SSL_CTX_use_certificate(3)
Contents
|
SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
SSL_CTX_use_certificate_file, SSL_use_certificate,
SSL_use_certificate_ASN1, SSL_use_certificate_file,
SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey,
SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file,
SSL_CTX_use_RSAPrivateKey,
SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1,
SSL_use_PrivateKey, SSL_use_RSAPrivateKey,
SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file,
SSL_CTX_check_private_key - Load certificate and key data
#include <openssl/ssl.h>
int SSL_CTX_use_certificate(
SSL_CTX *ctx, X509 *x ); int SSL_CTX_use_certificate_ASN1(
SSL_CTX *ctx, int len, unsigned char *d ); int
SSL_CTX_use_certificate_file(
SSL_CTX *ctx, const char *file, int type ); int
SSL_use_certificate(
SSL *ssl, X509 *x ); int SSL_use_certificate_ASN1(
SSL *ssl, unsigned char *d, int len ); int
SSL_use_certificate_file(
SSL *ssl, const char *file, int type ); int
SSL_CTX_use_certificate_chain_file(
SSL_CTX *ctx, const char *file ); int
SSL_CTX_use_PrivateKey(
SSL_CTX *ctx, EVP_PKEY *pkey ); int
SSL_CTX_use_PrivateKey_ASN1(
int pk, SSL_CTX *ctx, unsigned char *d, long len
); int SSL_CTX_use_PrivateKey_file(
SSL_CTX *ctx, const char *file, int type ); int
SSL_CTX_use_RSAPrivateKey(
SSL_CTX *ctx, RSA *rsa ); int SSL_CTX_use_RSAPrivateKey_ASN1(
SSL_CTX *ctx, unsigned char *d, long len ); int
SSL_CTX_use_RSAPrivateKey_file(
SSL_CTX *ctx, const char *file, int type ); int
SSL_use_PrivateKey(
SSL *ssl, EVP_PKEY *pkey ); int SSL_use_PrivateKey_ASN1(
int pk,SSL *ssl, unsigned char *d, long len ); int
SSL_use_PrivateKey_file(
SSL *ssl, const char *file, int type ); int
SSL_use_RSAPrivateKey(
SSL *ssl, RSA *rsa ); int SSL_use_RSAPrivateKey_ASN1(
SSL *ssl, unsigned char *d, long len ); int
SSL_use_RSAPrivateKey_file(
SSL *ssl, const char *file, int type ); int
SSL_CTX_check_private_key(
SSL_CTX *ctx );
These functions load the certificates and private keys
into the SSL_CTX or SSL object, respectively.
The SSL_CTX_* class of functions loads the certificates
and keys into the SSL_CTX object ctx. The information is
passed to SSL objects ssl created from ctx with the
SSL_new() function by copying, so that changes applied to
ctx do not propagate to already existing SSL objects.
The SSL_* class of functions only loads certificates and
keys into a specific SSL object. The specific information
is kept when SSL_clear() is called for this SSL object.
The SSL_CTX_use_certificate() function loads the certificate
x into ctx, and the SSL_use_certificate() function
loads x into ssl. The rest of the certificates needed to
form the complete certificate chain can be specified using
the SSL_CTX_add_extra_chain_cert() function.
The SSL_CTX_use_certificate_ASN1() function loads the ASN1
encoded certificate from the memory location d (with
length len) into ctx. The SSL_use_certificate_ASN1() function
loads the ASN1 encoded certificate into ssl.
The SSL_CTX_use_certificate_file() function loads the
first certificate stored in file into ctx. The formatting
type of the certificate must be specified from the known
types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. The
SSL_use_certificate_file() function loads the certificate
from file into ssl.
The SSL_CTX_use_certificate_chain_file() function loads a
certificate chain from file into ctx. The certificates
must be in PEM format and must be sorted starting with the
certificate to the highest level (root CA). There is no
corresponding function working on a single SSL object.
The SSL_CTX_use_PrivateKey() function adds pkey as private
key to ctx. The SSL_CTX_use_RSAPrivateKey() function adds
the private key rsa of type RSA to ctx. The SSL_use_PrivateKey()
function adds pkey as private key to ssl. The
SSL_use_RSAPrivateKey() function adds rsa as private key
of type RSA to ssl.
The SSL_CTX_use_PrivateKey_ASN1() function adds the private
key of type pk stored at memory location d (length
len) to ctx. The SSL_CTX_use_RSAPrivateKey_ASN1() function
adds the private key of type RSA stored at memory location
d (length len) to ctx. The SSL_use_PrivateKey_ASN1() and
SSL_use_RSAPrivateKey_ASN1() functions add the private key
to ssl.
The SSL_CTX_use_PrivateKey_file() function adds the first
private key found in file to ctx. The formatting type of
the certificate must be specified from the known types
SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. The
SSL_CTX_use_RSAPrivateKey_file() function adds the first
private RSA key found in file to ctx. The SSL_use_PrivateKey_file()
function adds the first private key found
in file to ssl. The SSL_use_RSAPrivateKey_file() function
adds the first private RSA key found to ssl.
The SSL_CTX_check_private_key() funciton checks the consistency
of a private key with the corresponding
certificate loaded into ctx. If more than one key/certificate
pair (RSA/DSA) is installed, the last item installed
will be checked. If, for example, the last item was an RSA
certificate or key, the RSA key/certificate pair will be
checked. TheSSL_check_private_key() function performs the
same check for ssl. If no key/certificate was added for
this ssl, the last item added into ctx will be checked.
Note
The internal certificate store of OpenSSL can hold two
private key/certificate pairs at a time: one key/certificate
of type RSA and one key/certificate of type DSA. The
certificate used depends on the cipher select. See
SSL_CTX_set_cipher_list(3).
When reading certificates and private keys from file,
files of type SSL_FILETYPE_ASN1 (also known as DER, binary
encoding) can only contain one certificate or private key.
Consequently, the SSL_CTX_use_certificate_chain_file()
function is only applicable to PEM formatting. Files of
type SSL_FILETYPE_PEM can contain more than one item.
The SSL_CTX_use_certificate_chain_file() function adds the
first certificate found in the file to the certificate
store. The other certificates are added to the store of
chain certificates using the
SSL_CTX_add_extra_chain_cert() function. There exists only
one extra chain store, so that the same chain is appended
to both types of certificates, RSA and DSA. If it is not
intended to use both types of certificate at the same
time, you should use the SSL_CTX_use_certificate_chain_file()
function instead of the SSL_CTX_use_certificate_file()
function. This allows the use of complete
certificate chains even when no trusted CA storage is used
or when the CA issuing the certificate shall not be added
to the trusted CA storage.
If additional certificates are needed to complete the
chain during the TLS negotiation, CA certificates are
additionally looked up in the locations of trusted CA certificates.
See SSL_CTX_load_verify_locations(3).
The private keys loaded from file can be encrypted. In
order to successfully load encrypted keys, a function
returning the passphrase must have been supplied,. See
SSL_CTX_set_default_passwd_cb(3). (Certificate files also
might be encrypted from the technical point of view, but
it is unnecessary because the data in the certificate is
considered public.)
On success, the functions return 1. Otherwise, check the
error stack to find the reason.
Functions: ssl(3), SSL_new(3), SSL_clear(3),
SSL_check_private_key(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_default_passwd_cb(3),
SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_cert_cb(3),
SSL_CTX_add_extra_chain_cert(3)
SSL_CTX_use_certificate(3)
[ Back ] |
