From ca1b56f3d03e4aeb729bfdb7aa32042d27770043 Mon Sep 17 00:00:00 2001 From: cvs2svn Date: Tue, 10 Oct 2000 09:15:49 +0000 Subject: This commit was manufactured by cvs2svn to create tag 'OpenSSL_0_9_6'. --- doc/ssl/SSL_CTX_load_verify_locations.pod | 93 ------------------------------- doc/ssl/SSL_CTX_set_client_CA_list.pod | 90 ------------------------------ doc/ssl/SSL_get_client_CA_list.pod | 52 ----------------- doc/ssl/SSL_load_client_CA_file.pod | 62 --------------------- 4 files changed, 297 deletions(-) delete mode 100644 doc/ssl/SSL_CTX_load_verify_locations.pod delete mode 100644 doc/ssl/SSL_CTX_set_client_CA_list.pod delete mode 100644 doc/ssl/SSL_get_client_CA_list.pod delete mode 100644 doc/ssl/SSL_load_client_CA_file.pod diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod deleted file mode 100644 index d46f8aab5f..0000000000 --- a/doc/ssl/SSL_CTX_load_verify_locations.pod +++ /dev/null @@ -1,93 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_load_verify_locations - set default locations for trusted CA -certificates - -=head1 SYNOPSIS - - #include - - int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, - const char *CApath); - -=head1 DESCRIPTION - -SSL_CTX_load_verify_locations() specifies the locations for B, at -which CA certificates for verification purposes are located. The certificates -available via B and B are trusted. - -=head1 NOTES - -If B is not NULL, it points to a file of CA certificates in PEM -format. The file can contain several CA certificates identified by - - -----BEGIN CERTIFICATE----- - ... (CA certificate in base64 encoding) ... - -----END CERTIFICATE----- - -sequences. Before, between, and after the certificates text is allowed -which can be used e.g. for descriptions of the certificates. - -The B is processed on execution of the SSL_CTX_load_verify_locations() -function. - -If on an TLS/SSL server no special setting is perfomed using *client_CA_list() -functions, the certificates contained in B are listed to the client -as available CAs during the TLS/SSL handshake. - -If B is not NULL, it points to a directory containing CA certificates -in PEM format. The files each contain one CA certificate. The files are -looked up by the CA subject name hash value, which must hence be available. -Use the B utility to create the necessary links. - -The certificates in B are only looked up when required, e.g. when -building the certificate chain or when actually performing the verification -of a peer certificate. - -On a server, the certificates in B are not listed as available -CA certificates to a client during a TLS/SSL handshake. - -=head1 EXAMPLES - -Generate a CA certificate file with descriptive text from the CA certificates -ca1.pem ca2.pem ca3.pem: - - #!/bin/sh - rm CAfile.pem - for i in ca1.pem ca2.pem ca3.pem ; do - openssl x509 -in $i -text >> CAfile.pem - done - -Prepare the directory /some/where/certs containing several CA certificates -for use as B: - - cd /some/where/certs - c_rehash . - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item 0 - -The operation failed because B and B are NULL or the -processing at one of the locations specified failed. Check the error -stack to find out the reason. - -=item 1 - -The operation succeeded. - -=back - -=head1 SEE ALSO - -L, -L, -L - -=cut diff --git a/doc/ssl/SSL_CTX_set_client_CA_list.pod b/doc/ssl/SSL_CTX_set_client_CA_list.pod deleted file mode 100644 index f27a291cb6..0000000000 --- a/doc/ssl/SSL_CTX_set_client_CA_list.pod +++ /dev/null @@ -1,90 +0,0 @@ -=pod - -=head1 NAME - -SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA, -SSL_add_client_CA - set list of CAs sent to the client when requesting a -client certificate - -=head1 SYNOPSIS - - #include - - void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); - void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); - int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *cacert); - int SSL_add_client_CA(SSL *ssl, X509 *cacert); - -=head1 DESCRIPTION - -SSL_CTX_set_client_CA_list() sets the B of CAs sent to the client when -requesting a client certificate for B. - -SSL_set_client_CA_list() sets the B of CAs sent to the client when -requesting a client certificate for the chosen B, overriding the -setting valid for B's SSL_CTX object. - -SSL_CTX_add_client_CA() adds the CA name extracted from B to the -list of CAs sent to the client when requesting a client certificate for -B. - -SSL_add_client_CA() adds the CA name extracted from B to the -list of CAs sent to the client when requesting a client certificate for -the chosen B, overriding the setting valid for B's SSL_CTX object. - -=head1 NOTES - -When a TLS/SSL server requests a client certificate (see -B), it sends a list of CAs, for which -it will accept certificates, to the client. If no special list is provided, -the CAs available using the B option in -L -are sent. - -This list can be explicitely set using the SSL_CTX_set_client_CA_list() for -B and SSL_set_client_CA_list() for the specific B. The list -specified overrides the previous setting. The CAs listed do not become -trusted (B only contains the names, not the complete certificates); use -L -to additionally load them for verification. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional -items the list of client CAs. If no list was specified before using -SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client -CA list for B or B (as appropriate) is opened. The CAs implicitly -specified using -L -are no longer used automatically. - -These functions are only useful for TLS/SSL servers. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item 1 - -The operation succeeded. - -=item 0 - -A failure while manipulating the STACK_OF(X509_NAME) object occured or -the X509_NAME could not be extracted from B. Check the error stack -to find out the reason. - -=back - -=head1 SEE ALSO - -L, -L, -L -L - -=cut diff --git a/doc/ssl/SSL_get_client_CA_list.pod b/doc/ssl/SSL_get_client_CA_list.pod deleted file mode 100644 index d358bc352e..0000000000 --- a/doc/ssl/SSL_get_client_CA_list.pod +++ /dev/null @@ -1,52 +0,0 @@ -=pod - -=head1 NAME - -SSL_get_client_CA_list, SSL_CTX_get_client_CA_list - get list of client CAs - -=head1 SYNOPSIS - - #include - - STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); - STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx); - -=head1 DESCRIPTION - -SSL_CTX_get_client_CA_list() returns the list of client CAs explicitely set for -B using L. - -SSL_get_client_CA_list() returns the list of client CAs explicitely -set for B using SSL_set_client_CA_list() or B's SSL_CTX object with -L, when in -server mode. In client mode, SSL_get_client_CA_list returns the list of -client CAs sent from the server, if any. - -=head1 RETURN VALUES - -SSL_CTX_set_client_CA_list() and SSL_set_client_CA_list() do not return -diagnostic information. - -SSL_CTX_add_client_CA() and SSL_add_client_CA() have the following return -values: - -=over 4 - -=item STACK_OF(X509_NAMES) - -List of CA names explicitely set (for B or in server mode) or send -by the server (client mode). - -=item NULL - -No client CA list was explicitely set (for B or in server mode) or -the server did not send a list of CAs (client mode). - -=back - -=head1 SEE ALSO - -L, -L - -=cut diff --git a/doc/ssl/SSL_load_client_CA_file.pod b/doc/ssl/SSL_load_client_CA_file.pod deleted file mode 100644 index 02527dc2ed..0000000000 --- a/doc/ssl/SSL_load_client_CA_file.pod +++ /dev/null @@ -1,62 +0,0 @@ -=pod - -=head1 NAME - -SSL_load_client_CA_file - load certificate names from file - -=head1 SYNOPSIS - - #include - - STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); - -=head1 DESCRIPTION - -SSL_load_client_CA_file() reads certificates from B and returns -a STACK_OF(X509_NAME) with the subject names found. - -=head1 NOTES - -SSL_load_client_CA_file() reads a file of PEM formatted certificates and -extracts the X509_NAMES of the certificates found. While the name suggests -the specific usage as support function for -L, -it is not limited to CA certificates. - -=head1 EXAMPLES - -Load names of CAs from file and use it as a client CA list: - - SSL_CTX *ctx; - STACK_OF(X509_NAME) *cert_names; - - ... - cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem"); - if (cert_names != NULL) - SSL_CTX_set_client_CA_list(ctx, cert_names); - else - error_handling(); - ... - -=head1 RETURN VALUES - -The following return values can occur: - -=over 4 - -=item NULL - -The operation failed, check out the error stack for the reason. - -=item Pointer to STACK_OF(X509_NAME) - -Pointer to the subject names of the successfully read certificates. - -=back - -=head1 SEE ALSO - -L, -L - -=cut -- cgit v1.2.3