TLS_LOAD_FILE(3)       FreeBSD Library Functions Manual	      TLS_LOAD_FILE(3)

NAME
     tls_load_file, tls_unload_file, tls_config_set_ca_file,
     tls_config_set_ca_path, tls_config_set_ca_mem, tls_config_set_cert_file,
     tls_config_set_cert_mem, tls_config_set_crl_file, tls_config_set_crl_mem,
     tls_config_set_key_file, tls_config_set_key_mem,
     tls_config_set_ocsp_staple_mem, tls_config_set_ocsp_staple_file,
     tls_config_set_keypair_file, tls_config_set_keypair_mem,
     tls_config_set_keypair_ocsp_file, tls_config_set_keypair_ocsp_mem,
     tls_config_add_keypair_file, tls_config_add_keypair_ocsp_mem,
     tls_config_add_keypair_ocsp_file, tls_config_add_keypair_mem,
     tls_config_clear_keys, tls_config_set_verify_depth,
     tls_config_verify_client, tls_config_verify_client_optional,
     tls_default_ca_cert_file -- TLS certificate and key configuration

SYNOPSIS
     #include <tls.h>

     uint8_t *
     tls_load_file(const char *file, size_t *len, char *password);

     void
     tls_unload_file(uint8_t *buf, size_t len);

     int
     tls_config_set_ca_file(struct tls_config *config, const char *ca_file);

     int
     tls_config_set_ca_path(struct tls_config *config, const char *ca_path);

     int
     tls_config_set_ca_mem(struct tls_config *config, const uint8_t *cert,
	 size_t	len);

     int
     tls_config_set_cert_file(struct tls_config	*config,
	 const char *cert_file);

     int
     tls_config_set_cert_mem(struct tls_config *config,	const uint8_t *cert,
	 size_t	len);

     int
     tls_config_set_crl_file(struct tls_config *config,	const char *crl_file);

     int
     tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
	 size_t	len);

     int
     tls_config_set_key_file(struct tls_config *config,	const char *key_file);

     int
     tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
	 size_t	len);

     int
     tls_config_set_ocsp_staple_mem(struct tls_config *config,
	 const uint8_t *staple,	size_t len);

     int
     tls_config_set_ocsp_staple_file(struct tls_config *config,
	 const char *staple_file);

     int
     tls_config_set_keypair_file(struct	tls_config *config,
	 const char *cert_file,	const char *key_file);

     int
     tls_config_set_keypair_mem(struct tls_config *config,
	 const uint8_t *cert, size_t cert_len, const uint8_t *key,
	 size_t	key_len);

     int
     tls_config_set_keypair_ocsp_file(struct tls_config	*config,
	 const char *cert_file,	const char *key_file,
	 const char *staple_file);

     int
     tls_config_set_keypair_ocsp_mem(struct tls_config *config,
	 const uint8_t *cert, size_t cert_len, const uint8_t *key,
	 size_t	key_len, const uint8_t *staple,	size_t staple_len);

     int
     tls_config_add_keypair_file(struct	tls_config *config,
	 const char *cert_file,	const char *key_file);

     int
     tls_config_add_keypair_mem(struct tls_config *config,
	 const uint8_t *cert, size_t cert_len, const uint8_t *key,
	 size_t	key_len);

     int
     tls_config_add_keypair_ocsp_file(struct tls_config	*config,
	 const char *cert_file,	const char *key_file,
	 const char *staple_file);

     int
     tls_config_add_keypair_ocsp_mem(struct tls_config *config,
	 const uint8_t *cert, size_t cert_len, const uint8_t *key,
	 size_t	key_len, const uint8_t *staple,	size_t staple_len);

     void
     tls_config_clear_keys(struct tls_config *config);

     int
     tls_config_set_verify_depth(struct	tls_config *config, int	verify_depth);

     void
     tls_config_verify_client(struct tls_config	*config);

     void
     tls_config_verify_client_optional(struct tls_config *config);

     const char	*
     tls_default_ca_cert_file(void);

DESCRIPTION
     tls_load_file() loads a certificate or key	from disk into memory to be
     used with tls_config_set_ca_mem(),	tls_config_set_cert_mem(),
     tls_config_set_crl_mem() or tls_config_set_key_mem().  A private key will
     be	decrypted if the optional password argument is specified.

     tls_unload_file() unloads the memory that was returned from an earlier
     tls_load_file() call, ensuring that the memory contents are discarded.

     tls_default_ca_cert_file()	returns	the path of the	file that contains the
     default root certificates.

     tls_config_set_ca_file() sets the filename	used to	load a file containing
     the root certificates.

     tls_config_set_ca_path() sets the path (directory)	which should be
     searched for root certificates.

     tls_config_set_ca_mem() sets the root certificates	directly from memory.

     tls_config_set_cert_file() sets the file from which the public
     certificate will be read.

     tls_config_set_cert_mem() sets the	public certificate directly from mem-
     ory.

     tls_config_set_crl_file() sets the	filename used to load a	file contain-
     ing the Certificate Revocation List (CRL).

     tls_config_set_crl_mem() sets the CRL directly from memory.

     tls_config_set_key_file() sets the	file from which	the private key	will
     be	read.

     tls_config_set_key_mem() directly sets the	private	key from memory.

     tls_config_set_ocsp_staple_file() sets a DER-encoded OCSP response	to be
     stapled during the	TLS handshake from the specified file.

     tls_config_set_ocsp_staple_mem() sets a DER-encoded OCSP response to be
     stapled during the	TLS handshake from memory.

     tls_config_set_keypair_file() sets the files from which the public
     certificate and private key will be read.

     tls_config_set_keypair_mem() directly sets	the public certificate,	and
     private key from memory.

     tls_config_set_keypair_ocsp_file()	sets the files from which the public
     certificate, private key, and DER-encoded OCSP staple will	be read.

     tls_config_set_keypair_ocsp_mem() directly	sets the public	certificate,
     private key, and DER-encoded OCSP staple from memory.

     tls_config_add_keypair_file() adds	an additional public certificate, and
     private key from the specified files, used	as an alternative certificate
     for Server	Name Indication	(server	only).

     tls_config_add_keypair_mem() adds an additional public certificate, and
     private key from memory, used as an alternative certificate for Server
     Name Indication (server only).

     tls_config_add_keypair_ocsp_file()	adds an	additional public certificate,
     private key, and DER-encoded OCSP staple from the specified files,	used
     as	an alternative certificate for Server Name Indication (server only).

     tls_config_add_keypair_ocsp_mem() adds an additional public certificate,
     private key, and DER-encoded OCSP staple from memory, used	as an alterna-
     tive certificate for Server Name Indication (server only).

     tls_config_clear_keys() clears any	secret keys from memory.

     tls_config_set_verify_depth() limits the number of	intermediate certifi-
     cates that	will be	followed during	certificate validation.

     tls_config_verify_client()	enables	client certificate verification, re-
     quiring the client	to send	a certificate (server only).

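     tls_config_verify_client_optional() enables client certificate verifica-
     tion, without requiring the client to send a certificate (server only).
     Because the handshake can then complete with no client certificate at
     all, a server that relies on the certificate for authentication must
     check for one itself, for example with tls_peer_cert_provided().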

RETURN VALUES
     tls_load_file() returns NULL on error or an out of	memory condition.

     The other functions that return int return 0 on success or -1 on error.

SEE ALSO
     tls_config_ocsp_require_stapling(3), tls_config_set_protocols(3),
     tls_config_set_session_id(3), tls_configure(3), tls_init(3)

HISTORY
     tls_config_set_ca_file(), tls_config_set_ca_path(),
     tls_config_set_cert_file(), tls_config_set_cert_mem(),
     tls_config_set_key_file(),	tls_config_set_key_mem(), and
     tls_config_set_verify_depth() appeared in OpenBSD 5.6 and got their final
     names in OpenBSD 5.7.

     tls_load_file(), tls_config_set_ca_mem(), and tls_config_clear_keys() ap-
     peared in OpenBSD 5.7.

     tls_config_verify_client()	and tls_config_verify_client_optional()	ap-
     peared in OpenBSD 5.9.

     tls_config_set_keypair_file() and tls_config_set_keypair_mem() appeared
     in	OpenBSD	6.0, and tls_config_add_keypair_file() and
     tls_config_add_keypair_mem() in OpenBSD 6.1.

     tls_config_set_crl_file() and tls_config_set_crl_mem() appeared in
     OpenBSD 6.2.

AUTHORS
     Joel Sing <jsing@openbsd.org> with contributions from
     Ted Unangst <tedu@openbsd.org> and
     Bob Beck <beck@openbsd.org>.

     tls_load_file() and tls_config_set_ca_mem() were written by
     Reyk Floeter <reyk@openbsd.org>.

FreeBSD	13.0		       November	29, 2018		  FreeBSD 13.0
