SSL_CTX_check_private_key man page on DigitalUNIX

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
DigitalUNIX logo
[printable version]

SSL_CTX_use_certificate(3)			    SSL_CTX_use_certificate(3)

NAME
       SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_cer‐
       tificate_file,	   SSL_use_certificate,	     SSL_use_certificate_ASN1,
       SSL_use_certificate_file,	   SSL_CTX_use_certificate_chain_file,
       SSL_CTX_use_PrivateKey,	SSL_CTX_use_PrivateKey_ASN1,  SSL_CTX_use_Pri‐
       vateKey_file,	   SSL_CTX_use_RSAPrivateKey,	   SSL_CTX_use_RSAPri‐
       vateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,  SSL_use_PrivateKey_file,
       SSL_use_PrivateKey_ASN1,	  SSL_use_PrivateKey,	SSL_use_RSAPrivateKey,
       SSL_use_RSAPrivateKey_ASN1,		   SSL_use_RSAPrivateKey_file,
       SSL_CTX_check_private_key - Load certificate and key data

SYNOPSIS
       #include <openssl/ssl.h>

       int SSL_CTX_use_certificate(
	       SSL_CTX *ctx, X509 *x ); int SSL_CTX_use_certificate_ASN1(
	       SSL_CTX *ctx, int len, unsigned char *d ); int SSL_CTX_use_cer‐
       tificate_file(
	       SSL_CTX *ctx, const char *file, int type	 );  int  SSL_use_cer‐
       tificate(
	       SSL *ssl, X509 *x ); int SSL_use_certificate_ASN1(
	       SSL  *ssl,  unsigned  char  *d, int len ); int SSL_use_certifi‐
       cate_file(
	       SSL *ssl, const char *file, int type  );	 int  SSL_CTX_use_cer‐
       tificate_chain_file(
	       SSL_CTX *ctx, const char *file ); int SSL_CTX_use_PrivateKey(
	       SSL_CTX	 *ctx,	 EVP_PKEY   *pkey   );	 int  SSL_CTX_use_Pri‐
       vateKey_ASN1(
	       int pk, SSL_CTX	*ctx,  unsigned	 char  *d,  long  len  );  int
       SSL_CTX_use_PrivateKey_file(
	       SSL_CTX	 *ctx,	 const	 char	*file,	 int   type   );   int
       SSL_CTX_use_RSAPrivateKey(
	       SSL_CTX *ctx, RSA *rsa ); int SSL_CTX_use_RSAPrivateKey_ASN1(
	       SSL_CTX	 *ctx,	 unsigned   char   *d,	 long	len   );   int
       SSL_CTX_use_RSAPrivateKey_file(
	       SSL_CTX	*ctx,  const  char *file, int type ); int SSL_use_Pri‐
       vateKey(
	       SSL *ssl, EVP_PKEY *pkey ); int SSL_use_PrivateKey_ASN1(
	       int pk,SSL *ssl, unsigned char *d, long len ); int SSL_use_Pri‐
       vateKey_file(
	       SSL  *ssl,  const  char	*file, int type ); int SSL_use_RSAPri‐
       vateKey(
	       SSL *ssl, RSA *rsa ); int SSL_use_RSAPrivateKey_ASN1(
	       SSL *ssl, unsigned char *d, long	 len  );  int  SSL_use_RSAPri‐
       vateKey_file(
	       SSL  *ssl, const char *file, int type ); int SSL_CTX_check_pri‐
       vate_key(
	       SSL_CTX *ctx );

DESCRIPTION
       These functions load the certificates and private keys into the SSL_CTX
       or SSL object, respectively.

       The  SSL_CTX_*  class of functions loads the certificates and keys into
       the SSL_CTX object ctx. The information is passed to  SSL  objects  ssl
       created	from  ctx  with	 the  SSL_new()	 function  by copying, so that
       changes applied to  ctx	do  not	 propagate  to	already	 existing  SSL
       objects.

       The  SSL_*  class  of functions only loads certificates and keys into a
       specific SSL object. The specific information is kept when  SSL_clear()
       is called for this SSL object.

       The  SSL_CTX_use_certificate()  function	 loads	the certificate x into
       ctx, and the SSL_use_certificate() function loads x into ssl. The  rest
       of  the	certificates needed to form the complete certificate chain can
       be specified using the SSL_CTX_add_extra_chain_cert() function.

       The SSL_CTX_use_certificate_ASN1() function loads the ASN1 encoded cer‐
       tificate	 from  the  memory  location d (with length len) into ctx. The
       SSL_use_certificate_ASN1() function loads the ASN1 encoded  certificate
       into ssl.

       The SSL_CTX_use_certificate_file() function loads the first certificate
       stored in file into ctx. The formatting type of the certificate must be
       specified from the known types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1. The
       SSL_use_certificate_file() function loads  the  certificate  from  file
       into ssl.

       The  SSL_CTX_use_certificate_chain_file()  function loads a certificate
       chain from file into ctx. The certificates must be in  PEM  format  and
       must be sorted starting with the certificate to the highest level (root
       CA). There is no corresponding function working on a single SSL object.

       The SSL_CTX_use_PrivateKey() function adds pkey as private key to  ctx.
       The  SSL_CTX_use_RSAPrivateKey()	 function  adds the private key rsa of
       type RSA to ctx. The SSL_use_PrivateKey() function adds pkey as private
       key  to	ssl.  The SSL_use_RSAPrivateKey() function adds rsa as private
       key of type RSA to ssl.

       The SSL_CTX_use_PrivateKey_ASN1() function adds the private key of type
       pk   stored   at	  memory   location   d	  (length  len)	 to  ctx.  The
       SSL_CTX_use_RSAPrivateKey_ASN1() function adds the private key of  type
       RSA  stored  at memory location d (length len) to ctx. The SSL_use_Pri‐
       vateKey_ASN1() and SSL_use_RSAPrivateKey_ASN1() functions add the  pri‐
       vate key to ssl.

       The  SSL_CTX_use_PrivateKey_file()  function adds the first private key
       found in file to ctx.  The formatting type of the certificate  must  be
       specified  from	the  known  types SSL_FILETYPE_PEM, SSL_FILETYPE_ASN1.
       The SSL_CTX_use_RSAPrivateKey_file() function adds  the	first  private
       RSA  key	 found in file to ctx.	The SSL_use_PrivateKey_file() function
       adds the first private key found in file to  ssl.  The  SSL_use_RSAPri‐
       vateKey_file() function adds the first private RSA key found to ssl.

       The  SSL_CTX_check_private_key()	 funciton  checks the consistency of a
       private key with the corresponding certificate loaded into ctx. If more
       than  one  key/certificate  pair	 (RSA/DSA) is installed, the last item
       installed will be checked. If, for example, the last item  was  an  RSA
       certificate  or	key,  the  RSA	key/certificate	 pair will be checked.
       TheSSL_check_private_key() function performs the same check for ssl. If
       no key/certificate was added for this ssl, the last item added into ctx
       will be checked.

					Note

       The internal certificate store of OpenSSL can hold two private key/cer‐
       tificate	 pairs	at  a  time:  one  key/certificate of type RSA and one
       key/certificate of type DSA. The certificate used depends on the cipher
       select. See SSL_CTX_set_cipher_list(3).

       When  reading  certificates  and	 private keys from file, files of type
       SSL_FILETYPE_ASN1 (also known as DER, binary encoding) can only contain
       one certificate or private key. Consequently,  the SSL_CTX_use_certifi‐
       cate_chain_file() function is only applicable to PEM formatting.	 Files
       of type SSL_FILETYPE_PEM can contain more than one item.

       The  SSL_CTX_use_certificate_chain_file()  function adds the first cer‐
       tificate found in the file to the certificate store. The other certifi‐
       cates   are  added  to  the  store  of  chain  certificates  using  the
       SSL_CTX_add_extra_chain_cert() function. There exists  only  one	 extra
       chain  store,  so that the same chain is appended to both types of cer‐
       tificates, RSA and DSA. If it is not intended to use both types of cer‐
       tificate	 at  the  same	time,  you should use the SSL_CTX_use_certifi‐
       cate_chain_file()  function   instead   of   the	  SSL_CTX_use_certifi‐
       cate_file()  function.  This  allows  the  use  of complete certificate
       chains even when no trusted CA storage is used or when the  CA  issuing
       the certificate shall not be added to the trusted CA storage.

       If  additional certificates are needed to complete the chain during the
       TLS negotiation, CA certificates are  additionally  looked  up  in  the
       locations  of  trusted  CA  certificates. See SSL_CTX_load_verify_loca‐
       tions(3).

       The private keys loaded from file can be encrypted. In  order  to  suc‐
       cessfully load encrypted keys, a function returning the passphrase must
       have been supplied,.  See  SSL_CTX_set_default_passwd_cb(3).  (Certifi‐
       cate  files  also  might be encrypted from the technical point of view,
       but it is unnecessary because the data in the certificate is considered
       public.)

RETURN VALUES
       On success, the functions return 1. Otherwise, check the error stack to
       find the reason.

SEE ALSO
       Functions: ssl(3), SSL_new(3), SSL_clear(3),  SSL_check_private_key(3),
       SSL_CTX_load_verify_locations(3),     SSL_CTX_set_default_passwd_cb(3),
       SSL_CTX_set_cipher_list(3),		SSL_CTX_set_client_cert_cb(3),
       SSL_CTX_add_extra_chain_cert(3)

						    SSL_CTX_use_certificate(3)
[top]

List of man pages available for DigitalUNIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net