2 ''' $RCSfile$$Revision$$Date$
20 .ie \\n(.$>=3 .ne \\$3
36 ''' Set up \*(-- to give an unbreakable dash;
37 ''' string Tr holds user defined translation string.
38 ''' Bell System Logo is used as a dummy character.
44 .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
45 .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
48 ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
49 ''' \*(L" and \*(R", except that they are used on ".xx" lines,
50 ''' such as .IP and .SH, which do another additional levels of
51 ''' double-quote interpretation
80 .\" If the F register is turned on, we'll generate
81 .\" index entries out stderr for the following things:
86 .\" X<> Xref (embedded
87 .\" Of course, you have to process the output yourself
88 .\" in some meaninful fashion.
91 .tm Index:\\$1\t\\n%\t"\\$2"
96 .TH SSL_CTX_set_default_passwd_cb 3 "0.9.7d" "2/Sep/2004" "OpenSSL"
100 .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
101 .de CQ \" put $1 in typewriter font
107 \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
110 .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
111 . \" AM - accent mark definitions
113 . \" fudge factors for nroff and troff
122 . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
128 . \" simple accents for nroff and troff
141 . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
142 . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
143 . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
144 . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
145 . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
146 . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
147 . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
148 . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
149 . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
151 . \" troff and (daisy-wheel) nroff accents
152 .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
153 .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
154 .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
155 .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
156 .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
157 .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
158 .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
159 .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
160 .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
161 .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
162 .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
163 .ds ae a\h'-(\w'a'u*4/10)'e
164 .ds Ae A\h'-(\w'A'u*4/10)'E
165 .ds oe o\h'-(\w'o'u*4/10)'e
166 .ds Oe O\h'-(\w'O'u*4/10)'E
167 . \" corrections for vroff
168 .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
169 .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
170 . \" for low resolution devices (crt and lpr)
171 .if \n(.H>23 .if \n(.V>19 \
175 . ds v \h'-1'\o'\(aa\(ga'
191 SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted PEM file handling
195 \& #include <openssl/ssl.h>
198 \& void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
199 \& void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
202 \& int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
205 \fISSL_CTX_set_default_passwd_cb()\fR sets the default password callback called
206 when loading/storing a PEM certificate with encryption.
208 \fISSL_CTX_set_default_passwd_cb_userdata()\fR sets a pointer to \fBuserdata\fR which
209 will be provided to the password callback on invocation.
211 The \fIpem_passwd_cb()\fR, which must be provided by the application, hands back the
212 password to be used during decryption. On invocation a pointer to \fBuserdata\fR
213 is provided. The pem_passwd_cb must write the password into the provided buffer
214 \fBbuf\fR which is of size \fBsize\fR. The actual length of the password must
215 be returned to the calling function. \fBrwflag\fR indicates whether the
216 callback is used for reading/decryption (rwflag=0) or writing/encryption
219 When loading or storing private keys, a password might be supplied to
220 protect the private key. The way this password can be supplied may depend
221 on the application. If only one private key is handled, it can be practical
222 to have \fIpem_passwd_cb()\fR handle the password dialog interactively. If several
223 keys have to be handled, it can be practical to ask for the password once,
224 then keep it in memory and use it several times. In the last case, the
225 password could be stored into the \fBuserdata\fR storage and the
226 \fIpem_passwd_cb()\fR only returns the password already stored.
228 When asking for the password interactively, \fIpem_passwd_cb()\fR can use
229 \fBrwflag\fR to check, whether an item shall be encrypted (rwflag=1).
230 In this case the password dialog may ask for the same password twice
231 for comparison in order to catch typos, that would make decryption
234 Other items in PEM formatting (certificates) can also be encrypted, it is
235 however not usual, as certificate information is considered public.
237 \fISSL_CTX_set_default_passwd_cb()\fR and \fISSL_CTX_set_default_passwd_cb_userdata()\fR
238 do not provide diagnostic information.
240 The following example returns the password provided as \fBuserdata\fR to the
241 calling function. The password is considered to be a \*(L'\e0\*(R' terminated
242 string. If the password does not fit into the buffer, the password is
246 \& int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
248 \& strncpy(buf, (char *)(password), size);
249 \& buf[size - 1] = '\e0';
250 \& return(strlen(buf));
255 SSL_CTX_use_certificate(3)
258 .IX Title "SSL_CTX_set_default_passwd_cb 3"
259 .IX Name "SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling"
263 .IX Header "SYNOPSIS"
265 .IX Header "DESCRIPTION"
269 .IX Header "RETURN VALUES"
271 .IX Header "EXAMPLES"
273 .IX Header "SEE ALSO"