SSL_CTX_set_default_passwd_cb.pod revision 72613
=pod

=head1 NAME

SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for encrypted PEM file handling

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
 void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

 int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);

=head1 DESCRIPTION

SSL_CTX_set_default_passwd_cb() sets the default password callback called
when loading/storing a PEM certificate with encryption.

SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to B<userdata> which
will be provided to the password callback on invocation.

The pem_passwd_cb(), which must be provided by the application, hands back the
password to be used during decryption. On invocation a pointer to B<userdata>
is provided. The pem_passwd_cb must write the password into the provided buffer
B<buf> which is of size B<size>. The actual length of the password must
be returned to the calling function. B<rwflag> indicates whether the
callback is used for reading/decryption (rwflag=0) or writing/encryption
(rwflag=1).

=head1 NOTES

When loading or storing private keys, a password might be supplied to
protect the private key. The way this password can be supplied may depend
on the application. If only one private key is handled, it can be practical
to have pem_passwd_cb() handle the password dialog interactively. If several
keys have to be handled, it can be practical to ask for the password once,
then keep it in memory and use it several times. In the last case, the
password could be stored into the B<userdata> storage and the
pem_passwd_cb() only returns the password already stored.

Other items in PEM formatting (certificates) can also be encrypted; this is
however not usual, as certificate information is considered public.

=head1 RETURN VALUES

SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata()
do not provide diagnostic information.

=head1 EXAMPLES

The following example returns the password provided as B<userdata> to the
calling function. The password is considered to be a '\0' terminated
string. If the password does not fit into the buffer, the password is
truncated.

 #include <string.h>

 int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
 {
  /* Copy at most size bytes; a longer password is truncated. */
  strncpy(buf, (char *)(password), size);
  /* strncpy() does not terminate on truncation, so terminate here. */
  buf[size - 1] = '\0';
  /* Return the length of the password actually placed in buf. */
  return (int)strlen(buf);
 }

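As an added illustration (not part of the original manual page or of OpenSSL's own code), the callback below follows the "ask once, keep it in B<userdata>" approach from NOTES but fails instead of truncating, since a truncated password fails to decrypt on reading and, with rwflag=1, protects the key with a shorter password than intended. The names pw_store, pw_store_set(), pw_store_clear() and stored_passwd_cb() are hypothetical, and returning -1 to signal failure to the calling PEM routine is an assumption this page does not state.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical holder for a password asked for once and reused for several keys. */
struct pw_store {
    char   pw[128];
    size_t len;            /* bytes used in pw, no terminating '\0' */
};

/* Fill the store; returns 0 on success, -1 if pw is empty or does not fit. */
int pw_store_set(struct pw_store *s, const char *pw)
{
    size_t n = strlen(pw);
    if (n == 0 || n > sizeof(s->pw))
        return -1;
    memcpy(s->pw, pw, n);
    s->len = n;
    return 0;
}

/* Wipe through a volatile pointer so the stores are not optimised away. */
void pw_store_clear(struct pw_store *s)
{
    volatile unsigned char *p = (volatile unsigned char *)s;
    size_t i;
    for (i = 0; i < sizeof(*s); i++)
        p[i] = 0;
}

/* Same signature as pem_passwd_cb(); refuses to hand back a cut-off password. */
int stored_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    const struct pw_store *s = userdata;
    (void)rwflag;          /* same password for reading and writing */
    if (buf == NULL || size <= 0 || s == NULL || s->len == 0)
        return -1;         /* assumption: -1 is treated as an error by the caller */
    if (s->len > (size_t)size)
        return -1;         /* would be truncated: fail instead */
    memcpy(buf, s->pw, s->len);
    return (int)s->len;    /* actual length of the password */
}

/* Registration, using the two functions documented on this page:
 *   SSL_CTX_set_default_passwd_cb(ctx, stored_passwd_cb);
 *   SSL_CTX_set_default_passwd_cb_userdata(ctx, &store);
 * Load all keys, then call pw_store_clear(&store).
 */
```
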
=head1 SEE ALSO

L<ssl(3)|ssl(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>

=cut
