SSL_CTX_use_certificate.pod revision 76866
172613Skris=pod 272613Skris 372613Skris=head1 NAME 472613Skris 572613SkrisSSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key - load certificate and key data 672613Skris 772613Skris=head1 SYNOPSIS 872613Skris 972613Skris #include <openssl/ssl.h> 1072613Skris 1172613Skris int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); 1272613Skris int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); 1372613Skris int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); 1472613Skris int SSL_use_certificate(SSL *ssl, X509 *x); 1572613Skris int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); 1672613Skris int SSL_use_certificate_file(SSL *ssl, const char *file, int type); 1772613Skris 1872613Skris int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); 1972613Skris 2072613Skris int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); 2172613Skris int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d, 2272613Skris long len); 2372613Skris int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); 2472613Skris int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); 2572613Skris int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); 2672613Skris int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); 2772613Skris int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); 2872613Skris int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); 2972613Skris int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); 3072613Skris int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); 3172613Skris int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); 3272613Skris int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); 3372613Skris 3472613Skris int SSL_CTX_check_private_key(SSL_CTX *ctx); 3572613Skris int SSL_check_private_key(SSL *ssl); 3672613Skris 3772613Skris=head1 DESCRIPTION 3872613Skris 3972613SkrisThese functions load the certificates and private keys into the SSL_CTX 4072613Skrisor SSL object, respectively. 4172613Skris 4272613SkrisThe SSL_CTX_* class of functions loads the certificates and keys into the 4372613SkrisSSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl> 4472613Skriscreated from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that 4572613Skrischanges applied to B<ctx> do not propagate to already existing SSL objects. 4672613Skris 4772613SkrisThe SSL_* class of functions only loads certificates and keys into a 4872613Skrisspecific SSL object. The specific information is kept, when 4972613SkrisL<SSL_clear(3)|SSL_clear(3)> is called for this SSL object. 5072613Skris 5172613SkrisSSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>, 5272613SkrisSSL_use_certificate() loads B<x> into B<ssl>. The rest of the 5372613Skriscertificates needed to form the complete certificate chain can be 5472613Skrisspecified using the 5572613SkrisL<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> 5672613Skrisfunction. 5772613Skris 5872613SkrisSSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from 5972613Skristhe memory location B<d> (with length B<len>) into B<ctx>, 6072613SkrisSSL_use_certificate_ASN1() loads the ASN1 encoded certificate into B<ssl>. 6172613Skris 6272613SkrisSSL_CTX_use_certificate_file() loads the first certificate stored in B<file> 6372613Skrisinto B<ctx>. The formatting B<type> of the certificate must be specified 6472613Skrisfrom the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. 6572613SkrisSSL_use_certificate_file() loads the certificate from B<file> into B<ssl>. 6672613SkrisSee the NOTES section on why SSL_CTX_use_certificate_chain_file() 6772613Skrisshould be preferred. 6872613Skris 6972613SkrisSSL_CTX_use_certificate_chain_file() loads a certificate chain from 7072613SkrisB<file> into B<ctx>. The certificates must be in PEM format and must 7172613Skrisbe sorted starting with the certificate to the highest level (root CA). 7272613SkrisThere is no corresponding function working on a single SSL object. 7372613Skris 7472613SkrisSSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>. 7572613SkrisSSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA 7672613Skristo B<ctx>. SSL_use_PrivateKey() adds B<pkey> as private key to B<ssl>; 7772613SkrisSSL_use_RSAPrivateKey() adds B<rsa> as private key of type RSA to B<ssl>. 7872613Skris 7972613SkrisSSL_CTX_use_PrivateKey_ASN1() adds the private key of type B<pk> 8072613Skrisstored at memory location B<d> (length B<len>) to B<ctx>. 8172613SkrisSSL_CTX_use_RSAPrivateKey_ASN1() adds the private key of type RSA 8272613Skrisstored at memory location B<d> (length B<len>) to B<ctx>. 8372613SkrisSSL_use_PrivateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() add the private 8472613Skriskey to B<ssl>. 8572613Skris 8672613SkrisSSL_CTX_use_PrivateKey_file() adds the first private key found in 8772613SkrisB<file> to B<ctx>. The formatting B<type> of the certificate must be specified 8872613Skrisfrom the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. 8972613SkrisSSL_CTX_use_RSAPrivateKey_file() adds the first private RSA key found in 9072613SkrisB<file> to B<ctx>. SSL_use_PrivateKey_file() adds the first private key found 9172613Skrisin B<file> to B<ssl>; SSL_use_RSAPrivateKey_file() adds the first private 9272613SkrisRSA key found to B<ssl>. 9372613Skris 9472613SkrisSSL_CTX_check_private_key() checks the consistency of a private key with 9572613Skristhe corresponding certificate loaded into B<ctx>. If more than one 9672613Skriskey/certificate pair (RSA/DSA) is installed, the last item installed will 9772613Skrisbe checked. If e.g. the last item was a RSA certificate or key, the RSA 9872613Skriskey/certificate pair will be checked. SSL_check_private_key() performs 9972613Skristhe same check for B<ssl>. If no key/certificate was explicitly added for 10072613Skristhis B<ssl>, the last item added into B<ctx> will be checked. 10172613Skris 10272613Skris=head1 NOTES 10372613Skris 10472613SkrisThe internal certificate store of OpenSSL can hold two private key/certificate 10572613Skrispairs at a time: one key/certificate of type RSA and one key/certificate 10672613Skrisof type DSA. The certificate used depends on the cipher select, see 10772613Skrisalso L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>. 10872613Skris 10972613SkrisWhen reading certificates and private keys from file, files of type 11072613SkrisSSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain 11172613Skrisone certificate or private key, consequently 11272613SkrisSSL_CTX_use_certificate_chain_file() is only applicable to PEM formatting. 11372613SkrisFiles of type SSL_FILETYPE_PEM can contain more than one item. 11472613Skris 11572613SkrisSSL_CTX_use_certificate_chain_file() adds the first certificate found 11672613Skrisin the file to the certificate store. The other certificates are added 11772613Skristo the store of chain certificates using 11872613SkrisL<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>. 11972613SkrisThere exists only one extra chain store, so that the same chain is appended 12076866Skristo both types of certificates, RSA and DSA! If it is not intended to use 12172613Skrisboth type of certificate at the same time, it is recommended to use the 12272613SkrisSSL_CTX_use_certificate_chain_file() instead of the 12372613SkrisSSL_CTX_use_certificate_file() function in order to allow the use of 12472613Skriscomplete certificate chains even when no trusted CA storage is used or 12572613Skriswhen the CA issuing the certificate shall not be added to the trusted 12672613SkrisCA storage. 12772613Skris 12872613SkrisIf additional certificates are needed to complete the chain during the 12972613SkrisTLS negotiation, CA certificates are additionally looked up in the 13072613Skrislocations of trusted CA certificates, see 13172613SkrisL<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. 13272613Skris 13372613SkrisThe private keys loaded from file can be encrypted. In order to successfully 13472613Skrisload encrypted keys, a function returning the passphrase must have been 13572613Skrissupplied, see 13672613SkrisL<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>. 13772613Skris(Certificate files might be encrypted as well from the technical point 13872613Skrisof view, it however does not make sense as the data in the certificate 13972613Skrisis considered public anyway.) 14072613Skris 14172613Skris=head1 RETURN VALUES 14272613Skris 14372613SkrisOn success, the functions return 1. 14472613SkrisOtherwise check out the error stack to find out the reason. 14572613Skris 14672613Skris=head1 SEE ALSO 14772613Skris 14872613SkrisL<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>, 14972613SkrisL<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>, 15072613SkrisL<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>, 15172613SkrisL<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>, 15272613SkrisL<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)> 15372613Skris 15472613Skris=cut 155