neon API reference NE_SSL_CLIENT_CERT(3)
NAME
ne_ssl_clicert_read, ne_ssl_clicert_name,
ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt,
ne_ssl_clicert_owner, ne_ssl_clicert_free - SSL client
certificate handling
SYNOPSIS
#include
ne_ssl_client_cert
*ne_ssl_clicert_read(const char *filename);
const char
*ne_ssl_clicert_name(const ne_ssl_client_cert *ccert);
int
ne_ssl_clicert_encrypted(const ne_ssl_client_cert *ccert);
int ne_ssl_clicert_decrypt(ne_ssl_client_cert *ccert,
const char *password);
const ne_ssl_certificate
*ne_ssl_clicert_owner(const ne_ssl_client_cert *ccert);
void ne_ssl_clicert_free(ne_ssl_client_cert *ccert);
DESCRIPTION
The ne_ssl_clicert_read function reads a client certificate
from a PKCS#12-formatted file, and returns an
ne_ssl_client_cert object. If the client certificate is
encrypted, it must be decrypted before it is used. An
ne_ssl_client_cert object holds a client certificate and the
associated private key, not just a certificate; the term
"client certificate" will used to refer to this pair.
A client certificate can be in one of two states: encrypted
or decrypted. The ne_ssl_clicert_encrypted function will
return non-zero if the client certificate is in the
encrypted state. A client certificate object returned by
ne_ssl_clicert_read may be initially in either state,
depending on whether the file was encrypted or not.
ne_ssl_clicert_decrypt can be used to decrypt a client
certificate using the appropriate password. This function
must only be called if the object is in the encrypted state;
if decryption fails, the certificate state does not change,
so decryption can be attempted more than once using
different passwords.
A client certificate can be given a "friendly name" when it
is created; ne_ssl_clicert_name will return this name (or
NULL if no friendly name was specified).
neon 0.29.0 Last change: 13 September 2009 1
neon API reference NE_SSL_CLIENT_CERT(3)
ne_ssl_clicert_name can be used when the client certificate
is in either the encrypted or decrypted state, and will
return the same string for the lifetime of the object.
The function ne_ssl_clicert_owner returns the certificate
part of the client certificate; it must only be called if
the client certificate is in the decrypted state.
When the client certificate is no longer needed, the
ne_ssl_clicert_free function should be used to destroy the
object.
RETURN VALUE
ne_ssl_clicert_read returns a client certificate object, or
NULL if the file could not be read.
ne_ssl_clicert_encrypted returns zero if the object is in
the decrypted state, or non-zero if it is in the encrypted
state. ne_ssl_clicert_name returns a NUL-terminated
friendly name string, or NULL. ne_ssl_clicert_owner returns
a certificate object.
EXAMPLES
The following code reads a client certificate and decrypts
it if necessary, then loads it into an HTTP session.
ne_ssl_client_cert *ccert;
ccert = ne_ssl_clicert_read("/path/to/client.p12");
if (ccert == NULL) {
/* handle error... */
} else if (ne_ssl_clicert_encrypted(ccert)) {
char *password = prompt_for_password();
if (ne_ssl_clicert_decrypt(ccert, password)) {
/* could not decrypt! handle error... */
}
}
ne_ssl_set_clicert(sess, ccert);
SEE ALSO
ne_ssl_cert_read
AUTHOR
Joe Orton
Author.
COPYRIGHT
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
neon 0.29.0 Last change: 13 September 2009 2
neon API reference NE_SSL_CLIENT_CERT(3)
box; cbp-1 | cbp-1 l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE =
Availability library/neon = Interface Stability Volatile
NOTES
Source for Neon is available on http://opensolaris.org.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
_______________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE|
|____________________|__________________|_
| Availability | library/neon |
|____________________|__________________|_
| Interface Stability| Volatile |
|____________________|_________________|
NOTES
Source for Neon is available on http://opensolaris.org.
neon 0.29.0 Last change: 13 September 2009 3