1=pod
2
3=head1 NAME
4
5SSL_load_client_CA_file_ex, SSL_load_client_CA_file,
6SSL_add_file_cert_subjects_to_stack,
7SSL_add_dir_cert_subjects_to_stack,
8SSL_add_store_cert_subjects_to_stack
9- load certificate names
10
11=head1 SYNOPSIS
12
13 #include <openssl/ssl.h>
14
15 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
16                                                 OSSL_LIB_CTX *libctx,
17                                                 const char *propq);
18 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
19
20 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
21                                         const char *file);
22 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
23                                        const char *dir);
24 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
25                                          const char *store);
26
27=head1 DESCRIPTION
28
29SSL_load_client_CA_file_ex() reads certificates from I<file> and returns
30a STACK_OF(X509_NAME) with the subject names found. The library context I<libctx>
31and property query I<propq> are used when fetching algorithms from providers.
32
33SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex()
34but uses NULL for the library context I<libctx> and property query I<propq>.
35
36SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
37and adds their subject name to the already existing I<stack>.
38
39SSL_add_dir_cert_subjects_to_stack() reads certificates from every
40file in the directory I<dir>, and adds their subject name to the
41already existing I<stack>.
42
43SSL_add_store_cert_subjects_to_stack() loads certificates from the
44I<store> URI, and adds their subject name to the already existing
45I<stack>.
46
47=head1 NOTES
48
49SSL_load_client_CA_file() reads a file of PEM formatted certificates and
50extracts the X509_NAMES of the certificates found. While the name suggests
51the specific usage as support function for
52L<SSL_CTX_set_client_CA_list(3)>,
53it is not limited to CA certificates.
54
55=head1 RETURN VALUES
56
57The following return values can occur for SSL_load_client_CA_file_ex(), and
58SSL_load_client_CA_file():
59
60=over 4
61
62=item NULL
63
64The operation failed, check out the error stack for the reason.
65
66=item Pointer to STACK_OF(X509_NAME)
67
68Pointer to the subject names of the successfully read certificates.
69
70=back
71
72The following return values can occur for SSL_add_file_cert_subjects_to_stack(),
73SSL_add_dir_cert_subjects_to_stack(), and SSL_add_store_cert_subjects_to_stack():
74
75=over 4
76
77=item 0 (Failure)
78
79The operation failed.
80
81=item 1 (Success)
82
83The operation succeeded.
84
85=back
86
87=head1 EXAMPLES
88
89Load names of CAs from file and use it as a client CA list:
90
91 SSL_CTX *ctx;
92 STACK_OF(X509_NAME) *cert_names;
93
94 ...
95 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
96 if (cert_names != NULL)
97     SSL_CTX_set_client_CA_list(ctx, cert_names);
98 else
99     /* error */
100 ...
101
102=head1 SEE ALSO
103
104L<ssl(7)>,
105L<ossl_store(7)>,
106L<SSL_CTX_set_client_CA_list(3)>
107
108=head1 HISTORY
109
110SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack()
111were added in OpenSSL 3.0.
112
113=head1 COPYRIGHT
114
115Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
116
117Licensed under the Apache License 2.0 (the "License").  You may not use
118this file except in compliance with the License.  You can obtain a copy
119in the file LICENSE in the source distribution or at
120L<https://www.openssl.org/source/license.html>.
121
122=cut
123