gtpc1m61 | Transmission Control Protocol/Internet Protocol |
The SSL_load_client_CA_file function loads certificates from a
specific file and returns the issuer name of each certificate.
Format
#include <openssl/ssl.h>
STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- file: A pointer to the name of the file that contains the certificates.
The file must be in PEM (base64 encoded) format.
Normal Return
Returns a stack of certificate issuer names. The names include each
certificate authority (CA) that signed any of the certificates in the
file.
Error Return
If unsuccessful, the SSL_load_client_CA_file function returns
NULL. The following are the most likely causes of errors:
- The certificate authority (CA) file does not exist or you do not have
permission to read that file.
- The CA file that contains the certificate chain is not in PEM (base64
encoded) format.
Programming Considerations
- The SSL_load_client_CA_file function is needed only by server
applications that verify the identity of remote client applications when
Secure Sockets Layer (SSL) sessions are started.
- The file must contain certificates for all CAs that the server application
will accept as the CA that signed the certificate for the client
application. This list of CAs is not necessarily the same list of CAs
that the server application trusts.
- Pass the output of the SSL_load_client_CA_file function to the
SSL_CTX_set_client_CA_list or the SSL_set_client_CA_list
functions. The list of CAs will be sent to the client application when
requesting its certificate.
- This function does not have an SSL or CTX structure as input. In
addition, the SSL_set_client_CA_list function cannot be issued with
a shared SSL session as input; therefore, you must use the
SSL_load_and_set_client_CA_list function for shared SSL
sessions.
Examples
For sample SSL applications, go to http://www.ibm.com/tpf/pubs/tpfpubs.htm,
click SSL for the TPF 4.1 System: An Online User's
Guide, and click Examples from the left navigation
bar.