1=pod 2 3=head1 NAME 4 5SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); 12 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 13 14 int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); 15 16=head1 DESCRIPTION 17 18SSL_CTX_set_default_passwd_cb() sets the default password callback called 19when loading/storing a PEM certificate with encryption. 20 21SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which 22will be provided to the password callback on invocation. 23 24The pem_passwd_cb(), which must be provided by the application, hands back the 25password to be used during decryption. On invocation a pointer to B<userdata> 26is provided. The pem_passwd_cb must write the password into the provided buffer 27B<buf> which is of size B<size>. The actual length of the password must 28be returned to the calling function. B<rwflag> indicates whether the 29callback is used for reading/decryption (rwflag=0) or writing/encryption 30(rwflag=1). 31 32=head1 NOTES 33 34When loading or storing private keys, a password might be supplied to 35protect the private key. The way this password can be supplied may depend 36on the application. If only one private key is handled, it can be practical 37to have pem_passwd_cb() handle the password dialog interactively. If several 38keys have to be handled, it can be practical to ask for the password once, 39then keep it in memory and use it several times. In the last case, the 40password could be stored into the B<userdata> storage and the 41pem_passwd_cb() only returns the password already stored. 42
| 1=pod 2 3=head1 NAME 4 5SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling 6 7=head1 SYNOPSIS 8 9 #include <openssl/ssl.h> 10 11 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); 12 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); 13 14 int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata); 15 16=head1 DESCRIPTION 17 18SSL_CTX_set_default_passwd_cb() sets the default password callback called 19when loading/storing a PEM certificate with encryption. 20 21SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which 22will be provided to the password callback on invocation. 23 24The pem_passwd_cb(), which must be provided by the application, hands back the 25password to be used during decryption. On invocation a pointer to B<userdata> 26is provided. The pem_passwd_cb must write the password into the provided buffer 27B<buf> which is of size B<size>. The actual length of the password must 28be returned to the calling function. B<rwflag> indicates whether the 29callback is used for reading/decryption (rwflag=0) or writing/encryption 30(rwflag=1). 31 32=head1 NOTES 33 34When loading or storing private keys, a password might be supplied to 35protect the private key. The way this password can be supplied may depend 36on the application. If only one private key is handled, it can be practical 37to have pem_passwd_cb() handle the password dialog interactively. If several 38keys have to be handled, it can be practical to ask for the password once, 39then keep it in memory and use it several times. In the last case, the 40password could be stored into the B<userdata> storage and the 41pem_passwd_cb() only returns the password already stored. 42
|
43Other items in PEM formatting (certificates) can also be encrypted, it is 44however not usual, as certificate information is considered public. 45 46=head1 RETURN VALUES 47 48SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() 49do not provide diagnostic information. 50 51=head1 EXAMPLES 52 53The following example returns the password provided as B<userdata> to the 54calling function. The password is considered to be a '\0' terminated 55string. If the password does not fit into the buffer, the password is 56truncated. 57 58 int pem_passwd_cb(char *buf, int size, int rwflag, void *password) 59 { 60 strncpy(buf, (char *)(password), size); 61 buf[size - 1] = '\0'; 62 return(strlen(buf)); 63 } 64 65=head1 SEE ALSO 66 67L<ssl(3)|ssl(3)>, 68L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> 69 70=cut
| 49Other items in PEM formatting (certificates) can also be encrypted, it is 50however not usual, as certificate information is considered public. 51 52=head1 RETURN VALUES 53 54SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() 55do not provide diagnostic information. 56 57=head1 EXAMPLES 58 59The following example returns the password provided as B<userdata> to the 60calling function. The password is considered to be a '\0' terminated 61string. If the password does not fit into the buffer, the password is 62truncated. 63 64 int pem_passwd_cb(char *buf, int size, int rwflag, void *password) 65 { 66 strncpy(buf, (char *)(password), size); 67 buf[size - 1] = '\0'; 68 return(strlen(buf)); 69 } 70 71=head1 SEE ALSO 72 73L<ssl(3)|ssl(3)>, 74L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> 75 76=cut
|