gtpc1m67 | Transmission Control Protocol/Internet Protocol |
The SSL_set_client_CA_list function identifies the list of
certificate authorities (CAs) that are sent to the remote client application
when requesting the client certificates for a specific Secure Sockets Layer
(SSL) session. The client application must provide a certificate that
was signed by one of the CAs in the list.
Format
#include <openssl/ssl.h>
void SSL_set_client_CA_list(SSL *ssl, STACK_OF(X509_NAME) *list);
- ssl
- A pointer to a token returned on the SSL_new call.
- list
- A pointer to a stack of CA names.
Normal Return
None.
Error Return
None.
Programming Considerations
- The SSL_set_client_CA_list function is needed only by server
applications that verify the identity of remote client applications when SSL
sessions are started.
- Use the output from the SSL_load_client_CA_file function as
input to this function.
- If the SSL_set_client_CA_list function is not used and you
request a client certificate, the list of CA names that is passed to the
client application consists of the CAs from the
SSL_CTX_load_verify_locations function.
- This function cannot be issued with a shared SSL session as input.
In addition, the SSL_load_client_CA_file function does not have an
SSL or CTX structure as input; therefore, you must use the
SSL_load_and_set_client_CA_list function for shared SSL
sessions.
Examples
For sample SSL applications, go to http://www.ibm.com/tpf/pubs/tpfpubs.htm,
click SSL for the TPF 4.1 System: An Online User's
Guide, and click Examples from the left navigation
bar.