Manual Pages for UNIX Darwin command on man SSL_use_RSAPrivateKey_file

SSL_CTX_use_certificate(3) OpenSSL SSL_CTX_use_certificate(3)

NAME

SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data

SYNOPSIS

#include <openssl/ssl.h>

int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
int SSL_use_certificate(SSL *ssl, X509 *x);
int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);

int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);

int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, long len);
int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len);
int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, unsigned char *d, long len);
int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);

int SSL_CTX_check_private_key(const SSL_CTX *ctx);
int SSL_check_private_key(const SSL *ssl);

DESCRIPTION

These functions load the certificates and private keys into the SSL_CTX or SSL object, respectively.

The SSL_CTX_* class of functions loads the certificates and keys into the SSL_CTX object ctx. The information is passed to SSL objects ssl created from ctx with SSL_new(3) by copying, so that changes applied to ctx do not propagate to already existing SSL objects.

The SSL_* class of functions only loads certificates and keys into a specific SSL object. The specific information is kept when SSL_clear(3) is called for this SSL object.

SSL_CTX_use_certificate() loads the certificate x into ctx, SSL_use_certificate() loads x into ssl. The rest of the certificates needed to form the complete certificate chain can be specified using the SSL_CTX_add_extra_chain_cert(3) function.

SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from the memory location d (with length len) into ctx, SSL_use_certificate_ASN1() loads the ASN1 encoded certificate into ssl.

SSL_CTX_use_certificate_file() loads the first certificate stored in file into ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_use_certificate_file() loads the certificate from file into ssl. See the NOTES section on why SSL_CTX_use_certificate_chain_file() should be preferred.

SSL_CTX_use_certificate_chain_file() loads a certificate chain from file into ctx. The certificates must be in PEM format and must be sorted starting with the subject's certificate (actual client or server certificate), followed by intermediate CA certificates if applicable, and ending at the highest level (root) CA. There is no corresponding function working on a single SSL object.

SSL_CTX_use_PrivateKey() adds pkey as private key to ctx. SSL_CTX_use_RSAPrivateKey() adds the private key rsa of type RSA to ctx. SSL_use_PrivateKey() adds pkey as private key to ssl; SSL_use_RSAPrivateKey() adds rsa as private key of type RSA to ssl.

SSL_CTX_use_PrivateKey_ASN1() adds the private key of type pk stored at memory location d (length len) to ctx. SSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA stored at memory location d (length len) to ctx. SSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private key to ssl.

SSL_CTX_use_PrivateKey_file() adds the first private key found in file to ctx. The formatting type of the certificate must be specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. SSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in file to ctx. SSL_use_PrivateKey_file() adds the first private key found in file to ssl; SSL_use_RSAPrivateKey_file() adds the first private RSA key found to ssl.

SSL_CTX_check_private_key() checks the consistency of a private key with the corresponding certificate loaded into ctx. If more than one key/certificate pair (RSA/DSA) is installed, the last item installed will be checked. If e.g. the last item was an RSA certificate or key, the RSA key/certificate pair will be checked. SSL_check_private_key() performs the same check for ssl. If no key/certificate was explicitly added for this ssl, the last item added into ctx will be checked.

NOTES

The internal certificate store of OpenSSL can hold two private key/certificate pairs at a time: one key/certificate of type RSA and one key/certificate of type DSA. The certificate used depends on the cipher selected, see also SSL_CTX_set_cipher_list(3).

When reading certificates and private keys from file, files of type SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain one certificate or private key; consequently SSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. Files of type SSL_FILETYPE_PEM can contain more than one item.

SSL_CTX_use_certificate_chain_file() adds the first certificate found in the file to the certificate store. The other certificates are added to the store of chain certificates using SSL_CTX_add_extra_chain_cert(3). There exists only one extra chain store, so that the same chain is appended to both types of certificates, RSA and DSA! If it is not intended to use both types of certificate at the same time, it is recommended to use the SSL_CTX_use_certificate_chain_file() instead of the SSL_CTX_use_certificate_file() function in order to allow the use of complete certificate chains even when no trusted CA storage is used or when the CA issuing the certificate shall not be added to the trusted CA storage.

If additional certificates are needed to complete the chain during the TLS negotiation, CA certificates are additionally looked up in the locations of trusted CA certificates, see SSL_CTX_load_verify_locations(3).

The private keys loaded from file can be encrypted. In order to successfully load encrypted keys, a function returning the passphrase must have been supplied, see SSL_CTX_set_default_passwd_cb(3). (Certificate files might be encrypted as well from the technical point of view; it however does not make sense, as the data in the certificate is considered public anyway.)

RETURN VALUES

On success, the functions return 1. Otherwise check out the error stack to find out the reason.

SEE ALSO

ssl(3), SSL_new(3), SSL_clear(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_default_passwd_cb(3), SSL_CTX_set_cipher_list(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_add_extra_chain_cert(3)

0.9.7l 2005-03-30 SSL_CTX_use_certificate(3)



