authorreyk <reyk@openbsd.org>2014-09-28 14:45:48 +0000
committerreyk <reyk@openbsd.org>2014-09-28 14:45:48 +0000
commit5e89dc0d88adf9d388d6467dc3ee2fdc7be3257c (patch)
treec024207acaa019b2aca9e5515a0870794abcbfcf /lib/libssl/src/doc/ssl
parentRemove a limitation that ignored IPv6 link-local addresses on carp(4). (diff)
Add a new API function SSL_CTX_use_certificate_chain() that allows to
read the PEM-encoded certificate chain from memory instead of a file. This idea is derived from an older implementation in relayd that was needed to use the function with a privsep'ed process in a chroot. Now it is time to get it into LibreSSL to make the API more privsep-friendly and to make it available for other programs and the ressl library. ok jsing@ miod@
Diffstat (limited to 'lib/libssl/src/doc/ssl')
-rw-r--r--lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod10
1 files changed, 6 insertions, 4 deletions
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod b/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
index 8e0d609d05d..560e00937fc 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_use_certificate.pod
@@ -3,8 +3,9 @@
=head1 NAME
SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1,
-SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1,
-SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file,
+SSL_CTX_use_certificate_file, SSL_use_certificate,
+SSL_use_certificate_ASN1, SSL_use_certificate_file,
+SSL_CTX_use_certificate_chain, SSL_CTX_use_certificate_chain_file,
SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1,
SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey,
SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file,
@@ -24,6 +25,7 @@ data
int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len);
int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+ int SSL_CTX_use_certificate_chain(SSL_CTX *ctx, void *buf, int len);
int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
@@ -75,8 +77,8 @@ SSL_use_certificate_file() loads the certificate from B<file> into B<ssl>.
See the NOTES section on why SSL_CTX_use_certificate_chain_file()
should be preferred.
-SSL_CTX_use_certificate_chain_file() loads a certificate chain from
-B<file> into B<ctx>. The certificates must be in PEM format and must
+The SSL_CTX_use_certificate_chain*() functions load a certificate chain
+into B<ctx>. The certificates must be in PEM format and must
be sorted starting with the subject's certificate (actual client or server
certificate), followed by intermediate CA certificates if applicable, and
ending at the highest level (root) CA.