diff options
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3')
-rw-r--r-- | secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 | 100 |
1 files changed, 52 insertions, 48 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 index b472fd76f94e8..85154140df4a5 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_SET0_CA_LIST 3" -.TH SSL_CTX_SET0_CA_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_SET0_CA_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,7 +169,7 @@ between two communicating peers. For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the server to the client when requesting a client certificate. So any list of \s-1CA\s0 names set is never sent from client to server and the list of \s-1CA\s0 names retrieved -by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. +by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR. .PP For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR extension and may be sent by a client (in the ClientHello message) or by @@ -182,34 +186,34 @@ should be avoided unless required. The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the server side. .PP -\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred to \fBctx\fR and it should not be freed by the caller. .PP -\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when +\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP -\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for -\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed +\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for +\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed by the caller. .PP -\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly -set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with -\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, +\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly +set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with +\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode, SSL_get_client_CA_list returns the list of client CAs sent from the server, if any. The returned list should not be freed by the caller. .PP -\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for \&\fBctx\fR. .PP -\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the +\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the list of CAs sent to the client when requesting a client certificate for the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. .PP -\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer +\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer has sent. This can be called on either the server or the client side. The returned list should not be freed by the caller. .PP @@ -223,63 +227,63 @@ Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions sh preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on the client side. .PP -\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to +\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and it should not be freed by the caller. .PP -\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR +\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of \&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller. .PP -\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for \&\fBctx\fR. The returned list should not be freed by the caller. .PP -\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for +\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for \&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The returned list should not be freed by the caller. .PP -\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to peer for \fBctx\fR. .PP -\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the +\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent \&\fB\s-1SSL_CTX\s0\fR. .SH "NOTES" .IX Header "NOTES" When a \s-1TLS/SSL\s0 server requests a client certificate (see -\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept +\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept certificates, to the client. .PP -This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or -\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or -\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified +This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or +\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or +\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR only contains the names, not the complete certificates); use -\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. +\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification. .PP If the list of acceptable CAs is compiled in a file, the -\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the +\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the necessary data. .PP -\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and -\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no -list was specified before using \fISSL_CTX_set_client_CA_list()\fR, -\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a +\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and +\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no +list was specified before using \fBSSL_CTX_set_client_CA_list()\fR, +\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, -\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR -and \fISSL_set0_CA_list()\fR do not return a value. +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, +\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR +and \fBSSL_set0_CA_list()\fR do not return a value. .PP -\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR -and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are +\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR +and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are set. .PP -\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and -\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. +\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and +\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure. .PP -\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or +\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or \&\fB\s-1NULL\s0\fR or an empty stack if no list was sent. .SH "EXAMPLES" .IX Header "EXAMPLES" @@ -290,12 +294,12 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs: .Ve .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fIssl\fR\|(7), -\&\fISSL_load_client_CA_file\fR\|(3), -\&\fISSL_CTX_load_verify_locations\fR\|(3) +\&\fBssl\fR\|(7), +\&\fBSSL_load_client_CA_file\fR\|(3), +\&\fBSSL_CTX_load_verify_locations\fR\|(3) .SH "COPYRIGHT" .IX Header "COPYRIGHT" -Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved. .PP Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy |