SSL_CTX_set0_CA_list(3) | OpenSSL | SSL_CTX_set0_CA_list(3) |
#include <openssl/ssl.h> void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list); void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list); const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx); const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s); int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x); int SSL_add1_to_CA_list(SSL *ssl, const X509 *x); const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
SSL_set0_CA_list() sets the list of CAs to be sent to the peer to name_list overriding any list set in the parent SSL_CTX of s. Ownership of name_list is transferred to s and it should not be freed by the caller.
SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for ctx.
SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for s or if none are set the list from the parent SSL_CTX is retrieved.
SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to peer for ctx.
SSL_add1_to_CA_list() appends the CA subject name extracted from x to the list of CAs sent to the peer for s, overriding the setting in the parent SSL_CTX.
SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the peer has sent.
For TLS versions before 1.3 the list of CA names is only sent from the server to client when requesting a client certificate. So any list of CA names set is never sent from client to server and the list of CA names retrieved by SSL_get0_peer_CA_list() is always NULL.
For TLS 1.3 the list of CA names is sent using the certificate_authorities extension and will be sent by a client (in the ClientHello message) or by a server (when requesting a certificate).
SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA names or NULL is no CA names are set.
SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for success and 0 for failure.
SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or NULL or an empty stack if no list was sent.
Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
2018-09-17 | 1.1.1 |