logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

tls_load_file, tls_unload_file, tls_config_set_ca_file, tls_config_set_ca_path, tls_config_set_ca_mem,

Authors

       Joel Sing <jsing@openbsd.org> with contributions from
       Ted Unangst <tedu@openbsd.org> and
       Bob Beck <beck@openbsd.org>.

       tls_load_file() and tls_config_set_ca_mem() were written by
       Reyk Floeter <reyk@openbsd.org>.

Debian                                           January 1, 2022                                TLS_LOAD_FILE(3)

Description

tls_load_file() loads a certificate or key from disk into memory to be used with tls_config_set_ca_mem(),
       tls_config_set_cert_mem(), tls_config_set_crl_mem() or tls_config_set_key_mem().  A private key  will  be
       decrypted if the optional password argument is specified.

       tls_unload_file()  unloads  the  memory  that was returned from an earlier tls_load_file() call, ensuring
       that the memory contents is discarded.

       tls_default_ca_cert_file() returns the path of the file that contains the default root certificates.

       tls_config_set_ca_file() loads a file containing the root certificates.

       tls_config_set_ca_path() sets the path (directory) which should be searched for root certificates.

       tls_config_set_ca_mem() sets the root certificates directly from memory.

       tls_config_set_cert_file() loads a file containing the public certificate.

       tls_config_set_cert_mem() sets the public certificate directly from memory.

       tls_config_set_crl_file() loads a file containing the Certificate Revocation List (CRL).

       tls_config_set_crl_mem() sets the CRL directly from memory.

       tls_config_set_key_file() loads a file containing the private key.

       tls_config_set_key_mem() directly sets the private key from memory.

       tls_config_set_ocsp_staple_file() loads a file containing a  DER-encoded  OCSP  response  to  be  stapled
       during the TLS handshake.

       tls_config_set_ocsp_staple_mem()  sets a DER-encoded OCSP response to be stapled during the TLS handshake
       from memory.

       tls_config_set_keypair_file() loads two files from which the public certificate and private key  will  be
       read.

       tls_config_set_keypair_mem() directly sets the public certificate and private key from memory.

       tls_config_set_keypair_ocsp_file()  loads three files containing the public certificate, private key, and
       DER-encoded OCSP staple.

       tls_config_set_keypair_ocsp_mem() directly sets the public certificate, private key, and DER-encoded OCSP
       staple from memory.

       tls_config_add_keypair_file() adds an additional public certificate and private key  from  the  specified
       files, used as an alternative certificate for Server Name Indication (server only).

       tls_config_add_keypair_mem()  adds  an additional public certificate and private key from memory, used as
       an alternative certificate for Server Name Indication (server only).

       tls_config_add_keypair_ocsp_file() adds an additional public certificate, private  key,  and  DER-encoded
       OCSP  staple  from  the  specified  files,  used as an alternative certificate for Server Name Indication
       (server only).

       tls_config_add_keypair_ocsp_mem() adds an additional public certificate,  private  key,  and  DER-encoded
       OCSP staple from memory, used as an alternative certificate for Server Name Indication (server only).

       tls_config_clear_keys() clears any secret keys from memory.

       tls_config_set_verify_depth() limits the number of intermediate certificates that will be followed during
       certificate validation.

       tls_config_verify_client()  enables  client  certificate  verification,  requiring  the  client to send a
       certificate (server only).

       tls_config_verify_client_optional() enables client certificate verification, without requiring the client
       to send a certificate (server only).

History

tls_config_set_ca_file(),              tls_config_set_ca_path(),              tls_config_set_cert_file(),
       tls_config_set_cert_mem(),        tls_config_set_key_file(),        tls_config_set_key_mem(),         and
       tls_config_set_verify_depth() appeared in OpenBSD 5.6 and got their final names in OpenBSD 5.7.

       tls_load_file(), tls_config_set_ca_mem(), and tls_config_clear_keys() appeared in OpenBSD 5.7.

       tls_config_verify_client() and tls_config_verify_client_optional() appeared in OpenBSD 5.9.

       tls_config_set_keypair_file()   and   tls_config_set_keypair_mem()   appeared   in   OpenBSD   6.0,   and
       tls_config_add_keypair_file() and tls_config_add_keypair_mem() in OpenBSD 6.1.

       tls_config_set_crl_file() and tls_config_set_crl_mem() appeared in OpenBSD 6.2.

Name

       tls_load_file,  tls_unload_file,  tls_config_set_ca_file,  tls_config_set_ca_path, tls_config_set_ca_mem,
       tls_config_set_cert_file,   tls_config_set_cert_mem,   tls_config_set_crl_file,   tls_config_set_crl_mem,
       tls_config_set_key_file,              tls_config_set_key_mem,             tls_config_set_ocsp_staple_mem,
       tls_config_set_ocsp_staple_file,         tls_config_set_keypair_file,         tls_config_set_keypair_mem,
       tls_config_set_keypair_ocsp_file,      tls_config_set_keypair_ocsp_mem,      tls_config_add_keypair_file,
       tls_config_add_keypair_ocsp_mem,      tls_config_add_keypair_ocsp_file,       tls_config_add_keypair_mem,
       tls_config_clear_keys,               tls_config_set_verify_depth,               tls_config_verify_client,
       tls_config_verify_client_optional, tls_default_ca_cert_file — TLS certificate and key configuration

Return Values

tls_load_file() returns NULL on error or an out of memory condition.

       The other functions return 0 on success or -1 on error.

See Also

tls_config_ocsp_require_stapling(3),      tls_config_set_protocols(3),      tls_config_set_session_id(3),
       tls_configure(3), tls_init(3)

Synopsis

#include<tls.h>uint8_t*tls_load_file(constchar*file, size_t*len, char*password);

       voidtls_unload_file(uint8_t*buf, size_tlen);

       inttls_config_set_ca_file(structtls_config*config, constchar*ca_file);

       inttls_config_set_ca_path(structtls_config*config, constchar*ca_path);

       inttls_config_set_ca_mem(structtls_config*config, constuint8_t*cert, size_tlen);

       inttls_config_set_cert_file(structtls_config*config, constchar*cert_file);

       inttls_config_set_cert_mem(structtls_config*config, constuint8_t*cert, size_tlen);

       inttls_config_set_crl_file(structtls_config*config, constchar*crl_file);

       inttls_config_set_crl_mem(structtls_config*config, constuint8_t*crl, size_tlen);

       inttls_config_set_key_file(structtls_config*config, constchar*key_file);

       inttls_config_set_key_mem(structtls_config*config, constuint8_t*key, size_tlen);

       inttls_config_set_ocsp_staple_mem(structtls_config*config, constuint8_t*staple, size_tlen);

       inttls_config_set_ocsp_staple_file(structtls_config*config, constchar*staple_file);

       inttls_config_set_keypair_file(structtls_config*config, constchar*cert_file, constchar*key_file);

       inttls_config_set_keypair_mem(structtls_config*config,        constuint8_t*cert,        size_tcert_len,
           constuint8_t*key, size_tkey_len);

       inttls_config_set_keypair_ocsp_file(structtls_config*config,  constchar*cert_file, constchar*key_file,
           constchar*staple_file);

       inttls_config_set_keypair_ocsp_mem(structtls_config*config,     constuint8_t*cert,      size_tcert_len,
           constuint8_t*key, size_tkey_len, constuint8_t*staple, size_tstaple_len);

       inttls_config_add_keypair_file(structtls_config*config, constchar*cert_file, constchar*key_file);

       inttls_config_add_keypair_mem(structtls_config*config,        constuint8_t*cert,        size_tcert_len,
           constuint8_t*key, size_tkey_len);

       inttls_config_add_keypair_ocsp_file(structtls_config*config, constchar*cert_file,  constchar*key_file,
           constchar*staple_file);

       inttls_config_add_keypair_ocsp_mem(structtls_config*config,      constuint8_t*cert,     size_tcert_len,
           constuint8_t*key, size_tkey_len, constuint8_t*staple, size_tstaple_len);

       voidtls_config_clear_keys(structtls_config*config);

       inttls_config_set_verify_depth(structtls_config*config, intverify_depth);

       voidtls_config_verify_client(structtls_config*config);

       voidtls_config_verify_client_optional(structtls_config*config);

       constchar*tls_default_ca_cert_file(void);

See Also