tls_load_file, tls_unload_file, tls_config_set_ca_file, tls_config_set_ca_path, tls_config_set_ca_mem,
Contents
Description
tls_load_file() loads a certificate or key from disk into memory to be used with tls_config_set_ca_mem(),
tls_config_set_cert_mem(), tls_config_set_crl_mem() or tls_config_set_key_mem(). A private key will be
decrypted if the optional password argument is specified.
tls_unload_file() unloads the memory that was returned from an earlier tls_load_file() call, ensuring
that the memory contents is discarded.
tls_default_ca_cert_file() returns the path of the file that contains the default root certificates.
tls_config_set_ca_file() loads a file containing the root certificates.
tls_config_set_ca_path() sets the path (directory) which should be searched for root certificates.
tls_config_set_ca_mem() sets the root certificates directly from memory.
tls_config_set_cert_file() loads a file containing the public certificate.
tls_config_set_cert_mem() sets the public certificate directly from memory.
tls_config_set_crl_file() loads a file containing the Certificate Revocation List (CRL).
tls_config_set_crl_mem() sets the CRL directly from memory.
tls_config_set_key_file() loads a file containing the private key.
tls_config_set_key_mem() directly sets the private key from memory.
tls_config_set_ocsp_staple_file() loads a file containing a DER-encoded OCSP response to be stapled
during the TLS handshake.
tls_config_set_ocsp_staple_mem() sets a DER-encoded OCSP response to be stapled during the TLS handshake
from memory.
tls_config_set_keypair_file() loads two files from which the public certificate and private key will be
read.
tls_config_set_keypair_mem() directly sets the public certificate and private key from memory.
tls_config_set_keypair_ocsp_file() loads three files containing the public certificate, private key, and
DER-encoded OCSP staple.
tls_config_set_keypair_ocsp_mem() directly sets the public certificate, private key, and DER-encoded OCSP
staple from memory.
tls_config_add_keypair_file() adds an additional public certificate and private key from the specified
files, used as an alternative certificate for Server Name Indication (server only).
tls_config_add_keypair_mem() adds an additional public certificate and private key from memory, used as
an alternative certificate for Server Name Indication (server only).
tls_config_add_keypair_ocsp_file() adds an additional public certificate, private key, and DER-encoded
OCSP staple from the specified files, used as an alternative certificate for Server Name Indication
(server only).
tls_config_add_keypair_ocsp_mem() adds an additional public certificate, private key, and DER-encoded
OCSP staple from memory, used as an alternative certificate for Server Name Indication (server only).
tls_config_clear_keys() clears any secret keys from memory.
tls_config_set_verify_depth() limits the number of intermediate certificates that will be followed during
certificate validation.
tls_config_verify_client() enables client certificate verification, requiring the client to send a
certificate (server only).
tls_config_verify_client_optional() enables client certificate verification, without requiring the client
to send a certificate (server only).
History
tls_config_set_ca_file(), tls_config_set_ca_path(), tls_config_set_cert_file(),
tls_config_set_cert_mem(), tls_config_set_key_file(), tls_config_set_key_mem(), and
tls_config_set_verify_depth() appeared in OpenBSD 5.6 and got their final names in OpenBSD 5.7.
tls_load_file(), tls_config_set_ca_mem(), and tls_config_clear_keys() appeared in OpenBSD 5.7.
tls_config_verify_client() and tls_config_verify_client_optional() appeared in OpenBSD 5.9.
tls_config_set_keypair_file() and tls_config_set_keypair_mem() appeared in OpenBSD 6.0, and
tls_config_add_keypair_file() and tls_config_add_keypair_mem() in OpenBSD 6.1.
tls_config_set_crl_file() and tls_config_set_crl_mem() appeared in OpenBSD 6.2.
Name
tls_load_file, tls_unload_file, tls_config_set_ca_file, tls_config_set_ca_path, tls_config_set_ca_mem,
tls_config_set_cert_file, tls_config_set_cert_mem, tls_config_set_crl_file, tls_config_set_crl_mem,
tls_config_set_key_file, tls_config_set_key_mem, tls_config_set_ocsp_staple_mem,
tls_config_set_ocsp_staple_file, tls_config_set_keypair_file, tls_config_set_keypair_mem,
tls_config_set_keypair_ocsp_file, tls_config_set_keypair_ocsp_mem, tls_config_add_keypair_file,
tls_config_add_keypair_ocsp_mem, tls_config_add_keypair_ocsp_file, tls_config_add_keypair_mem,
tls_config_clear_keys, tls_config_set_verify_depth, tls_config_verify_client,
tls_config_verify_client_optional, tls_default_ca_cert_file — TLS certificate and key configuration
Return Values
tls_load_file() returns NULL on error or an out of memory condition.
The other functions return 0 on success or -1 on error.
See Also
tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3), tls_config_set_session_id(3), tls_configure(3), tls_init(3)
Synopsis
#include<tls.h>uint8_t*tls_load_file(constchar*file, size_t*len, char*password);
voidtls_unload_file(uint8_t*buf, size_tlen);
inttls_config_set_ca_file(structtls_config*config, constchar*ca_file);
inttls_config_set_ca_path(structtls_config*config, constchar*ca_path);
inttls_config_set_ca_mem(structtls_config*config, constuint8_t*cert, size_tlen);
inttls_config_set_cert_file(structtls_config*config, constchar*cert_file);
inttls_config_set_cert_mem(structtls_config*config, constuint8_t*cert, size_tlen);
inttls_config_set_crl_file(structtls_config*config, constchar*crl_file);
inttls_config_set_crl_mem(structtls_config*config, constuint8_t*crl, size_tlen);
inttls_config_set_key_file(structtls_config*config, constchar*key_file);
inttls_config_set_key_mem(structtls_config*config, constuint8_t*key, size_tlen);
inttls_config_set_ocsp_staple_mem(structtls_config*config, constuint8_t*staple, size_tlen);
inttls_config_set_ocsp_staple_file(structtls_config*config, constchar*staple_file);
inttls_config_set_keypair_file(structtls_config*config, constchar*cert_file, constchar*key_file);
inttls_config_set_keypair_mem(structtls_config*config, constuint8_t*cert, size_tcert_len,
constuint8_t*key, size_tkey_len);
inttls_config_set_keypair_ocsp_file(structtls_config*config, constchar*cert_file, constchar*key_file,
constchar*staple_file);
inttls_config_set_keypair_ocsp_mem(structtls_config*config, constuint8_t*cert, size_tcert_len,
constuint8_t*key, size_tkey_len, constuint8_t*staple, size_tstaple_len);
inttls_config_add_keypair_file(structtls_config*config, constchar*cert_file, constchar*key_file);
inttls_config_add_keypair_mem(structtls_config*config, constuint8_t*cert, size_tcert_len,
constuint8_t*key, size_tkey_len);
inttls_config_add_keypair_ocsp_file(structtls_config*config, constchar*cert_file, constchar*key_file,
constchar*staple_file);
inttls_config_add_keypair_ocsp_mem(structtls_config*config, constuint8_t*cert, size_tcert_len,
constuint8_t*key, size_tkey_len, constuint8_t*staple, size_tstaple_len);
voidtls_config_clear_keys(structtls_config*config);
inttls_config_set_verify_depth(structtls_config*config, intverify_depth);
voidtls_config_verify_client(structtls_config*config);
voidtls_config_verify_client_optional(structtls_config*config);
constchar*tls_default_ca_cert_file(void);
