SSL_CTX_set_client_CA_list.pod (72613) | SSL_CTX_set_client_CA_list.pod (76866) |
---|---|
1=pod 2 3=head1 NAME 4 5SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, 6SSL_add_client_CA - set list of CAs sent to the client when requesting a 7client certificate 8 --- 27 unchanged lines hidden (view full) --- 36 37When a TLS/SSL server requests a client certificate (see 38B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which 39it will accept certificates, to the client. If no special list is provided, 40the CAs available using the B<CAfile> option in 41L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 42are sent. 43 | 1=pod 2 3=head1 NAME 4 5SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, 6SSL_add_client_CA - set list of CAs sent to the client when requesting a 7client certificate 8 --- 27 unchanged lines hidden (view full) --- 36 37When a TLS/SSL server requests a client certificate (see 38B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which 39it will accept certificates, to the client. If no special list is provided, 40the CAs available using the B<CAfile> option in 41L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 42are sent. 43 |
44This list can be explicitely set using the SSL_CTX_set_client_CA_list() for | 44This list can be explicitly set using the SSL_CTX_set_client_CA_list() for |
45B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list 46specified overrides the previous setting. The CAs listed do not become 47trusted (B<list> only contains the names, not the complete certificates); use 48L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 49to additionally load them for verification. 50 51SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional 52items the list of client CAs. If no list was specified before using --- 16 unchanged lines hidden (view full) --- 69=over 4 70 71=item 1 72 73The operation succeeded. 74 75=item 0 76 | 45B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list 46specified overrides the previous setting. The CAs listed do not become 47trusted (B<list> only contains the names, not the complete certificates); use 48L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 49to additionally load them for verification. 50 51SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional 52items the list of client CAs. If no list was specified before using --- 16 unchanged lines hidden (view full) --- 69=over 4 70 71=item 1 72 73The operation succeeded. 74 75=item 0 76 |
77A failure while manipulating the STACK_OF(X509_NAME) object occured or | 77A failure while manipulating the STACK_OF(X509_NAME) object occurred or |
78the X509_NAME could not be extracted from B<cacert>. Check the error stack 79to find out the reason. 80 81=back 82 83=head1 SEE ALSO 84 85L<ssl(3)|ssl(3)>, 86L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, 87L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)> 88L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 89 90=cut | 78the X509_NAME could not be extracted from B<cacert>. Check the error stack 79to find out the reason. 80 81=back 82 83=head1 SEE ALSO 84 85L<ssl(3)|ssl(3)>, 86L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>, 87L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)> 88L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 89 90=cut |