summaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3')
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3100
1 files changed, 52 insertions, 48 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3 b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
index b472fd76f94e8..85154140df4a5 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_set0_CA_list.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_SET0_CA_LIST 3"
-.TH SSL_CTX_SET0_CA_LIST 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_SET0_CA_LIST 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,7 +169,7 @@ between two communicating peers.
For \s-1TLS\s0 versions 1.2 and earlier the list of \s-1CA\s0 names is only sent from the
server to the client when requesting a client certificate. So any list of \s-1CA\s0
names set is never sent from client to server and the list of \s-1CA\s0 names retrieved
-by \fISSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR.
+by \fBSSL_get0_peer_CA_list()\fR is always \fB\s-1NULL\s0\fR.
.PP
For \s-1TLS 1.3\s0 the list of \s-1CA\s0 names is sent using the \fBcertificate_authorities\fR
extension and may be sent by a client (in the ClientHello message) or by
@@ -182,34 +186,34 @@ should be avoided unless required.
The \*(L"client \s-1CA\s0 list\*(R" functions below only have an effect when called on the
server side.
.PP
-\&\fISSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+\&\fBSSL_CTX_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
requesting a client certificate for \fBctx\fR. Ownership of \fBlist\fR is transferred
to \fBctx\fR and it should not be freed by the caller.
.PP
-\&\fISSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
+\&\fBSSL_set_client_CA_list()\fR sets the \fBlist\fR of CAs sent to the client when
requesting a client certificate for the chosen \fBssl\fR, overriding the
setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object. Ownership of \fBlist\fR is transferred
to \fBs\fR and it should not be freed by the caller.
.PP
-\&\fISSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
-\&\fBctx\fR using \fISSL_CTX_set_client_CA_list()\fR. The returned list should not be freed
+\&\fBSSL_CTX_get_client_CA_list()\fR returns the list of client CAs explicitly set for
+\&\fBctx\fR using \fBSSL_CTX_set_client_CA_list()\fR. The returned list should not be freed
by the caller.
.PP
-\&\fISSL_get_client_CA_list()\fR returns the list of client CAs explicitly
-set for \fBssl\fR using \fISSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
-\&\fISSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode,
+\&\fBSSL_get_client_CA_list()\fR returns the list of client CAs explicitly
+set for \fBssl\fR using \fBSSL_set_client_CA_list()\fR or \fBssl\fR's \s-1SSL_CTX\s0 object with
+\&\fBSSL_CTX_set_client_CA_list()\fR, when in server mode. In client mode,
SSL_get_client_CA_list returns the list of client CAs sent from the server, if
any. The returned list should not be freed by the caller.
.PP
-\&\fISSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+\&\fBSSL_CTX_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
list of CAs sent to the client when requesting a client certificate for
\&\fBctx\fR.
.PP
-\&\fISSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
+\&\fBSSL_add_client_CA()\fR adds the \s-1CA\s0 name extracted from \fBcacert\fR to the
list of CAs sent to the client when requesting a client certificate for
the chosen \fBssl\fR, overriding the setting valid for \fBssl\fR's \s-1SSL_CTX\s0 object.
.PP
-\&\fISSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer
+\&\fBSSL_get0_peer_CA_list()\fR retrieves the list of \s-1CA\s0 names (if any) the peer
has sent. This can be called on either the server or the client side. The
returned list should not be freed by the caller.
.PP
@@ -223,63 +227,63 @@ Typically, on the server side, the \*(L"client \s-1CA\s0 list \*(R" functions sh
preference. As noted above in most cases it is not necessary to set \s-1CA\s0 names on
the client side.
.PP
-\&\fISSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to
+\&\fBSSL_CTX_set0_CA_list()\fR sets the list of CAs to be sent to the peer to
\&\fBname_list\fR. Ownership of \fBname_list\fR is transferred to \fBctx\fR and
it should not be freed by the caller.
.PP
-\&\fISSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR
+\&\fBSSL_set0_CA_list()\fR sets the list of CAs to be sent to the peer to \fBname_list\fR
overriding any list set in the parent \fB\s-1SSL_CTX\s0\fR of \fBs\fR. Ownership of
\&\fBname_list\fR is transferred to \fBs\fR and it should not be freed by the caller.
.PP
-\&\fISSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for
+\&\fBSSL_CTX_get0_CA_list()\fR retrieves any previously set list of CAs set for
\&\fBctx\fR. The returned list should not be freed by the caller.
.PP
-\&\fISSL_get0_CA_list()\fR retrieves any previously set list of CAs set for
+\&\fBSSL_get0_CA_list()\fR retrieves any previously set list of CAs set for
\&\fBs\fR or if none are set the list from the parent \fB\s-1SSL_CTX\s0\fR is retrieved. The
returned list should not be freed by the caller.
.PP
-\&\fISSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
+\&\fBSSL_CTX_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
list of CAs sent to peer for \fBctx\fR.
.PP
-\&\fISSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
+\&\fBSSL_add1_to_CA_list()\fR appends the \s-1CA\s0 subject name extracted from \fBx\fR to the
list of CAs sent to the peer for \fBs\fR, overriding the setting in the parent
\&\fB\s-1SSL_CTX\s0\fR.
.SH "NOTES"
.IX Header "NOTES"
When a \s-1TLS/SSL\s0 server requests a client certificate (see
-\&\fB\f(BISSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept
+\&\fB\fBSSL_CTX_set_verify\fB\|(3)\fR), it sends a list of CAs, for which it will accept
certificates, to the client.
.PP
-This list must explicitly be set using \fISSL_CTX_set_client_CA_list()\fR or
-\&\fISSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fISSL_set_client_CA_list()\fR or
-\&\fISSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified
+This list must explicitly be set using \fBSSL_CTX_set_client_CA_list()\fR or
+\&\fBSSL_CTX_set0_CA_list()\fR for \fBctx\fR and \fBSSL_set_client_CA_list()\fR or
+\&\fBSSL_set0_CA_list()\fR for the specific \fBssl\fR. The list specified
overrides the previous setting. The CAs listed do not become trusted (\fBlist\fR
only contains the names, not the complete certificates); use
-\&\fISSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification.
+\&\fBSSL_CTX_load_verify_locations\fR\|(3) to additionally load them for verification.
.PP
If the list of acceptable CAs is compiled in a file, the
-\&\fISSL_load_client_CA_file\fR\|(3) function can be used to help to import the
+\&\fBSSL_load_client_CA_file\fR\|(3) function can be used to help to import the
necessary data.
.PP
-\&\fISSL_CTX_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR, \fISSL_add_client_CA()\fR and
-\&\fISSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no
-list was specified before using \fISSL_CTX_set_client_CA_list()\fR,
-\&\fISSL_CTX_set0_CA_list()\fR, \fISSL_set_client_CA_list()\fR or \fISSL_set0_CA_list()\fR, a
+\&\fBSSL_CTX_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR, \fBSSL_add_client_CA()\fR and
+\&\fBSSL_add1_to_CA_list()\fR can be used to add additional items the list of CAs. If no
+list was specified before using \fBSSL_CTX_set_client_CA_list()\fR,
+\&\fBSSL_CTX_set0_CA_list()\fR, \fBSSL_set_client_CA_list()\fR or \fBSSL_set0_CA_list()\fR, a
new \s-1CA\s0 list for \fBctx\fR or \fBssl\fR (as appropriate) is opened.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR,
-\&\fISSL_CTX_set_client_CA_list()\fR, \fISSL_set_client_CA_list()\fR, \fISSL_CTX_set0_CA_list()\fR
-and \fISSL_set0_CA_list()\fR do not return a value.
+\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR,
+\&\fBSSL_CTX_set_client_CA_list()\fR, \fBSSL_set_client_CA_list()\fR, \fBSSL_CTX_set0_CA_list()\fR
+and \fBSSL_set0_CA_list()\fR do not return a value.
.PP
-\&\fISSL_CTX_get_client_CA_list()\fR, \fISSL_get_client_CA_list()\fR, \fISSL_CTX_get0_CA_list()\fR
-and \fISSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are
+\&\fBSSL_CTX_get_client_CA_list()\fR, \fBSSL_get_client_CA_list()\fR, \fBSSL_CTX_get0_CA_list()\fR
+and \fBSSL_get0_CA_list()\fR return a stack of \s-1CA\s0 names or \fB\s-1NULL\s0\fR is no \s-1CA\s0 names are
set.
.PP
-\&\fISSL_CTX_add_client_CA()\fR,\fISSL_add_client_CA()\fR, \fISSL_CTX_add1_to_CA_list()\fR and
-\&\fISSL_add1_to_CA_list()\fR return 1 for success and 0 for failure.
+\&\fBSSL_CTX_add_client_CA()\fR,\fBSSL_add_client_CA()\fR, \fBSSL_CTX_add1_to_CA_list()\fR and
+\&\fBSSL_add1_to_CA_list()\fR return 1 for success and 0 for failure.
.PP
-\&\fISSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or
+\&\fBSSL_get0_peer_CA_list()\fR returns a stack of \s-1CA\s0 names sent by the peer or
\&\fB\s-1NULL\s0\fR or an empty stack if no list was sent.
.SH "EXAMPLES"
.IX Header "EXAMPLES"
@@ -290,12 +294,12 @@ Scan all certificates in \fBCAfile\fR and list them as acceptable CAs:
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fIssl\fR\|(7),
-\&\fISSL_load_client_CA_file\fR\|(3),
-\&\fISSL_CTX_load_verify_locations\fR\|(3)
+\&\fBssl\fR\|(7),
+\&\fBSSL_load_client_CA_file\fR\|(3),
+\&\fBSSL_CTX_load_verify_locations\fR\|(3)
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
-Copyright 2000\-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000\-2019 The OpenSSL Project Authors. All Rights Reserved.
.PP
Licensed under the OpenSSL license (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 13:22:17 +0000