Manual Pages for UNIX Darwin command on man SSL_add_client_CA

SSL_CTX_set_client_CA_list(3) OpenSSL SSL_CTX_set_client_CA_list(3)

NAME

SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, SSL_add_client_CA - set list of CAs sent to the client when requesting a client certificate

SYNOPSIS

#include <openssl/ssl.h>

void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);

void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);

int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);

int SSL_add_client_CA(SSL *ssl, X509 *cacert);

DESCRIPTION

SSL_CTX_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for ctx.

SSL_set_client_CA_list() sets the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

SSL_CTX_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for ctx.

SSL_add_client_CA() adds the CA name extracted from cacert to the list of CAs sent to the client when requesting a client certificate for the chosen ssl, overriding the setting valid for ssl's SSL_CTX object.

NOTES

When a TLS/SSL server requests a client certificate (see SSL_CTX_set_verify_options()), it sends a list of CAs, for which it will accept certificates, to the client.

This list must explicitly be set using SSL_CTX_set_client_CA_list() for ctx and SSL_set_client_CA_list() for the specific ssl. The list specified overrides the previous setting. The CAs listed do not become trusted (list only contains the names, not the complete certificates); use SSL_CTX_load_verify_locations(3) to additionally load them for verification.

If the list of acceptable CAs is compiled in a file, the SSL_load_client_CA_file(3) function can be used to help import the necessary data.

SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional items to the list of client CAs. If no list was specified before using SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client CA list for ctx or ssl (as appropriate) is opened.

These functions are only useful for TLS/SSL servers.

RETURN VALUES

SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return diagnostic information.

SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return values:

1   The operation succeeded.

0   A failure while manipulating the STACK_OF(X509_NAME) object occurred or the X509_NAME could not be extracted from cacert. Check the error stack to find out the reason.

EXAMPLES

Scan all certificates in CAfile and list them as acceptable CAs:

SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));

SEE ALSO

ssl(3), SSL_get_client_CA_list(3), SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)

POD ERRORS

Hey! The above document had some coding errors, which are explained below:

Around line 73: You have '=item 0' instead of the expected '=item 2'

0.9.7l 2001-04-12 SSL_CTX_set_client_CA_list(3)



