generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Document the default CA path functions

Browse Source 
Reviewed-by: Andy Polyakov <appro@openssl.org>
This commit is contained in:
Matt Caswell 2015-09-22 17:05:17 +01:00
parent d84a7b20e3
commit 631fb6af5f
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
doc/ssl/SSL_CTX_load_verify_locations.pod
View File

@ -12,12 +12,30 @@ certificates
int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
const char *CApath); const char *CApath);
int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
=head1 DESCRIPTION =head1 DESCRIPTION
SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at SSL_CTX_load_verify_locations() specifies the locations for B<ctx>, at
which CA certificates for verification purposes are located. The certificates which CA certificates for verification purposes are located. The certificates
available via B<CAfile> and B<CApath> are trusted. available via B<CAfile> and B<CApath> are trusted.
SSL_CTX_set_default_verify_paths() specifies that the default locations for
which CA certificates are loaded should be used. There is one default directory
and one default file.
SSL_CTX_set_default_verify_dir() is similar to
SSL_CTX_set_default_verify_paths() except that just the default directory is
used.
SSL_CTX_set_default_verify_file() is similar to
SSL_CTX_set_default_verify_paths() except that just the default file is
used.
=head1 NOTES =head1 NOTES
If B<CAfile> is not NULL, it points to a file of CA certificates in PEM If B<CAfile> is not NULL, it points to a file of CA certificates in PEM
@ -96,7 +114,7 @@ for use as B<CApath>:
=head1 RETURN VALUES =head1 RETURN VALUES
The following return values can occur: For SSL_CTX_load_verify_locations the following return values can occur:
=over 4 =over 4
@ -112,6 +130,10 @@ The operation succeeded.
=back =back
SSL_CTX_set_default_verify_paths(), SSL_CTX_set_default_verify_dir() and
SSL_CTX_set_default_verify_file() all return 1 on success or 0 on failure. A
missing default location is still treated as a success.
=head1 SEE ALSO =head1 SEE ALSO
L<ssl(3)>, L<ssl(3)>,

11
doc/ssl/ssl.pod
View File

@ -298,6 +298,17 @@ protocol context defined in the B<SSL_CTX> structure.
=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx); =item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
Use the default paths to locate trusted CA certificates. There is one default
directory path and one default file path. Both are set via this call.
=item int B<SSL_CTX_set_default_verify_dir>(SSL_CTX *ctx)
Use the default directory path to locate trusted CA certficates.
=item int B<SSL_CTX_set_default_verify_file>(SSL_CTX *ctx)
Use the file path to locate trusted CA certficates.
=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg); =item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret)); =item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));