Update files for OpenSSL-1.0.0f import.
[dragonfly.git] / secure / lib / libssl / man / SSL_CTX_set_client_CA_list.3
CommitLineData
e3261593 1.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.19)
e056f0e0
JR
2.\"
3.\" Standard preamble:
4.\" ========================================================================
e056f0e0 5.de Sp \" Vertical space (when we can't use .PP)
984263bc
MD
6.if t .sp .5v
7.if n .sp
8..
e056f0e0 9.de Vb \" Begin verbatim text
984263bc
MD
10.ft CW
11.nf
12.ne \\$1
13..
e056f0e0 14.de Ve \" End verbatim text
984263bc 15.ft R
984263bc
MD
16.fi
17..
e056f0e0
JR
18.\" Set up some character translations and predefined strings. \*(-- will
19.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
e257b235
PA
20.\" double quote, and \*(R" will give a right double quote. \*(C+ will
21.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
22.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
23.\" nothing in troff, for use with C<>.
24.tr \(*W-
e056f0e0 25.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
984263bc 26.ie n \{\
e056f0e0
JR
27. ds -- \(*W-
28. ds PI pi
29. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
31. ds L" ""
32. ds R" ""
33. ds C` ""
34. ds C' ""
984263bc
MD
35'br\}
36.el\{\
e056f0e0
JR
37. ds -- \|\(em\|
38. ds PI \(*p
39. ds L" ``
40. ds R" ''
984263bc 41'br\}
e056f0e0 42.\"
e257b235
PA
43.\" Escape single quotes in literal strings from groff's Unicode transform.
44.ie \n(.g .ds Aq \(aq
45.el .ds Aq '
46.\"
e056f0e0 47.\" If the F register is turned on, we'll generate index entries on stderr for
01185282 48.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
e056f0e0
JR
49.\" entries marked with X<> in POD. Of course, you'll have to process the
50.\" output yourself in some meaningful fashion.
e257b235 51.ie \nF \{\
e056f0e0
JR
52. de IX
53. tm Index:\\$1\t\\n%\t"\\$2"
984263bc 54..
e056f0e0
JR
55. nr % 0
56. rr F
984263bc 57.\}
e257b235
PA
58.el \{\
59. de IX
60..
61.\}
aac4ff6f 62.\"
e056f0e0
JR
63.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
64.\" Fear. Run. Save yourself. No user-serviceable parts.
65. \" fudge factors for nroff and troff
984263bc 66.if n \{\
e056f0e0
JR
67. ds #H 0
68. ds #V .8m
69. ds #F .3m
70. ds #[ \f1
71. ds #] \fP
984263bc
MD
72.\}
73.if t \{\
e056f0e0
JR
74. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
75. ds #V .6m
76. ds #F 0
77. ds #[ \&
78. ds #] \&
984263bc 79.\}
e056f0e0 80. \" simple accents for nroff and troff
984263bc 81.if n \{\
e056f0e0
JR
82. ds ' \&
83. ds ` \&
84. ds ^ \&
85. ds , \&
86. ds ~ ~
87. ds /
984263bc
MD
88.\}
89.if t \{\
e056f0e0
JR
90. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
91. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
92. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
93. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
94. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
95. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
984263bc 96.\}
e056f0e0 97. \" troff and (daisy-wheel) nroff accents
984263bc
MD
98.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
99.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
100.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
101.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
102.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
103.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
104.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
105.ds ae a\h'-(\w'a'u*4/10)'e
106.ds Ae A\h'-(\w'A'u*4/10)'E
e056f0e0 107. \" corrections for vroff
984263bc
MD
108.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
109.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
e056f0e0 110. \" for low resolution devices (crt and lpr)
984263bc
MD
111.if \n(.H>23 .if \n(.V>19 \
112\{\
e056f0e0
JR
113. ds : e
114. ds 8 ss
115. ds o a
116. ds d- d\h'-1'\(ga
117. ds D- D\h'-1'\(hy
118. ds th \o'bp'
119. ds Th \o'LP'
120. ds ae ae
121. ds Ae AE
984263bc
MD
122.\}
123.rm #[ #] #H #V #F C
e056f0e0
JR
124.\" ========================================================================
125.\"
126.IX Title "SSL_CTX_set_client_CA_list 3"
e3261593 127.TH SSL_CTX_set_client_CA_list 3 "2012-01-04" "1.0.0f" "OpenSSL"
e257b235
PA
128.\" For nroff, turn off justification. Always turn off hyphenation; it makes
129.\" way too many mistakes in technical documents.
130.if n .ad l
131.nh
984263bc
MD
132.SH "NAME"
133SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
134SSL_add_client_CA \- set list of CAs sent to the client when requesting a
135client certificate
136.SH "SYNOPSIS"
e056f0e0
JR
137.IX Header "SYNOPSIS"
138.Vb 1
984263bc 139\& #include <openssl/ssl.h>
e257b235 140\&
984263bc
MD
141\& void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list);
142\& void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list);
143\& int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert);
144\& int SSL_add_client_CA(SSL *ssl, X509 *cacert);
145.Ve
146.SH "DESCRIPTION"
e056f0e0
JR
147.IX Header "DESCRIPTION"
148\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
984263bc
MD
149requesting a client certificate for \fBctx\fR.
150.PP
e056f0e0 151\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
984263bc 152requesting a client certificate for the chosen \fBssl\fR, overriding the
e056f0e0 153setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
984263bc 154.PP
e056f0e0 155\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
984263bc 156list of CAs sent to the client when requesting a client certificate for
e056f0e0 157\&\fBctx\fR.
984263bc 158.PP
e056f0e0 159\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
984263bc 160list of CAs sent to the client when requesting a client certificate for
e056f0e0 161the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
984263bc 162.SH "NOTES"
e056f0e0
JR
163.IX Header "NOTES"
164When a \s-1TLS/SSL\s0 server requests a client certificate (see
165\&\fB\f(BISSL_CTX_set_verify_options()\fB\fR), it sends a list of CAs, for which
984263bc
MD
166it will accept certificates, to the client.
167.PP
168This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR for
e056f0e0 169\&\fBctx\fR and \fISSL_set_client_CA_list()\fR for the specific \fBssl\fR. The list
984263bc
MD
170specified overrides the previous setting. The CAs listed do not become
171trusted (\fBlist\fR only contains the names, not the complete certificates); use
e056f0e0 172\&\fISSL_CTX_load_verify_locations\fR\|(3)
984263bc
MD
173to additionally load them for verification.
174.PP
175If the list of acceptable CAs is compiled in a file, the
e056f0e0 176\&\fISSL_load_client_CA_file\fR\|(3)
984263bc
MD
177function can be used to help importing the necessary data.
178.PP
e056f0e0 179\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR can be used to add additional
984263bc 180items the list of client CAs. If no list was specified before using
e056f0e0
JR
181\&\fISSL_CTX_set_client_CA_list()\fR or \fISSL_set_client_CA_list()\fR, a new client
182\&\s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened.
984263bc 183.PP
e056f0e0 184These functions are only useful for \s-1TLS/SSL\s0 servers.
984263bc 185.SH "RETURN VALUES"
e056f0e0
JR
186.IX Header "RETURN VALUES"
187\&\fISSL_CTX_set_client_CA_list()\fR and \fISSL_set_client_CA_list()\fR do not return
984263bc
MD
188diagnostic information.
189.PP
e056f0e0 190\&\fISSL_CTX_add_client_CA()\fR and \fISSL_add_client_CA()\fR have the following return
984263bc 191values:
e257b235 192.IP "1." 4
984263bc 193The operation succeeded.
e257b235 194.IP "2." 4
e056f0e0 195A failure while manipulating the \s-1STACK_OF\s0(X509_NAME) object occurred or
984263bc
MD
196the X509_NAME could not be extracted from \fBcacert\fR. Check the error stack
197to find out the reason.
198.SH "EXAMPLES"
e056f0e0 199.IX Header "EXAMPLES"
984263bc
MD
200Scan all certificates in \fBCAfile\fR and list them as acceptable CAs:
201.PP
202.Vb 1
203\& SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
204.Ve
205.SH "SEE ALSO"
a7d27d5a 206.IX Header "SEE ALSO"
e056f0e0
JR
207\&\fIssl\fR\|(3),
208\&\fISSL_get_client_CA_list\fR\|(3),
209\&\fISSL_load_client_CA_file\fR\|(3),
210\&\fISSL_CTX_load_verify_locations\fR\|(3)
e257b235
PA
211.SH "POD ERRORS"
212.IX Header "POD ERRORS"
213Hey! \fBThe above document had some coding errors, which are explained below:\fR
214.IP "Around line 73:" 4
215.IX Item "Around line 73:"
216You have '=item 0' instead of the expected '=item 2'