=head1 NAME
-SSL_load_client_CA_file - load certificate names from file
+SSL_load_client_CA_file,
+SSL_add_file_cert_subjects_to_stack,
+SSL_add_dir_cert_subjects_to_stack,
+SSL_add_store_cert_subjects_to_stack
+- load certificate names
=head1 SYNOPSIS
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *file)
+ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *dir)
+ int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+ const char *store)
+
=head1 DESCRIPTION
-SSL_load_client_CA_file() reads certificates from B<file> and returns
+SSL_load_client_CA_file() reads certificates from I<file> and returns
a STACK_OF(X509_NAME) with the subject names found.
+SSL_add_file_cert_subjects_to_stack() reads certificates from I<file>,
+and adds their subject name to the already existing I<stack>.
+
+SSL_add_dir_cert_subjects_to_stack() reads certificates from every
+file in the directory I<dir>, and adds their subject name to the
+already existing I<stack>.
+
+SSL_add_store_cert_subjects_to_stack() loads certificates from the
+I<store> URI, and adds their subject name to the already existing
+I<stack>.
+
=head1 NOTES
SSL_load_client_CA_file() reads a file of PEM formatted certificates and
=head1 SEE ALSO
L<ssl(7)>,
+L<ossl_store(7)>,
L<SSL_CTX_set_client_CA_list(3)>
+=head1 HISTORY
+
+SSL_add_store_cert_subjects_to_stack() was added in OpenSSL 3.0.
+
=head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
return X509_NAME_hash((X509_NAME *)a);
}
-/**
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
{
BIO *in = BIO_new(BIO_s_file());
return ret;
}
-/**
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *file)
{
return ret;
}
-/**
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be
- * included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
const char *dir)
{
return ret;
}
-/**
- * Add a container of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
static int add_uris_recursive(STACK_OF(X509_NAME) *stack,
const char *uri, int depth)
{
* This is an entry in the "directory" represented by the current
* uri. if |depth| allows, dive into it.
*/
- if (depth == 0)
- ok = add_uris_recursive(stack, uri, depth - 1);
+ if (depth > 0)
+ ok = add_uris_recursive(stack, OSSL_STORE_INFO_get0_NAME(info),
+ depth - 1);
} else if (infotype == OSSL_STORE_INFO_CERT) {
if ((x = OSSL_STORE_INFO_get0_CERT(info)) == NULL
|| (xn = X509_get_subject_name(x)) == NULL
projects / oweals / openssl.git / commitdiff