TLS_LOAD_FILE(3)	    Library Functions Manual	      TLS_LOAD_FILE(3)

NAME
       tls_load_file,	      tls_unload_file,	       tls_config_set_ca_file,
       tls_config_set_ca_path,				tls_config_set_ca_mem,
       tls_config_set_cert_file,		      tls_config_set_cert_mem,
       tls_config_set_crl_file,			       tls_config_set_crl_mem,
       tls_config_set_key_file,			       tls_config_set_key_mem,
       tls_config_set_ocsp_staple_mem,	      tls_config_set_ocsp_staple_file,
       tls_config_set_keypair_file,		   tls_config_set_keypair_mem,
       tls_config_set_keypair_ocsp_file,      tls_config_set_keypair_ocsp_mem,
       tls_config_add_keypair_file,	      tls_config_add_keypair_ocsp_mem,
       tls_config_add_keypair_ocsp_file,	   tls_config_add_keypair_mem,
       tls_config_clear_keys,			  tls_config_set_verify_depth,
       tls_config_verify_client,	    tls_config_verify_client_optional,
       tls_default_ca_cert_file	-- TLS certificate and key configuration

SYNOPSIS
       #include	<tls.h>

       uint8_t *
       tls_load_file(const char	*file, size_t *len, char *password);

       void
       tls_unload_file(uint8_t *buf, size_t len);

       int
       tls_config_set_ca_file(struct tls_config	*config, const char *ca_file);

       int
       tls_config_set_ca_path(struct tls_config	*config, const char *ca_path);

       int
       tls_config_set_ca_mem(struct tls_config *config,	  const	uint8_t	*cert,
	   size_t len);

       int
       tls_config_set_cert_file(struct tls_config *config,
	   const char *cert_file);

       int
       tls_config_set_cert_mem(struct tls_config *config, const	uint8_t	*cert,
	   size_t len);

       int
       tls_config_set_crl_file(struct tls_config *config,
	   const char *crl_file);

       int
       tls_config_set_crl_mem(struct tls_config	*config,   const uint8_t *crl,
	   size_t len);

       int
       tls_config_set_key_file(struct tls_config *config,
	   const char *key_file);

       int
       tls_config_set_key_mem(struct tls_config	*config,   const uint8_t *key,
	   size_t len);

       int
       tls_config_set_ocsp_staple_mem(struct tls_config	*config,
	   const uint8_t *staple, size_t len);

       int
       tls_config_set_ocsp_staple_file(struct tls_config *config,
	   const char *staple_file);

       int
       tls_config_set_keypair_file(struct tls_config *config,
	   const char *cert_file, const	char *key_file);

       int
       tls_config_set_keypair_mem(struct tls_config *config,
	   const uint8_t *cert,	     size_t cert_len,	   const uint8_t *key,
	   size_t key_len);

       int
       tls_config_set_keypair_ocsp_file(struct tls_config *config,
	   const char *cert_file,			 const char *key_file,
	   const char *staple_file);

       int
       tls_config_set_keypair_ocsp_mem(struct tls_config *config,
	   const uint8_t *cert,	     size_t cert_len,	   const uint8_t *key,
	   size_t key_len, const uint8_t *staple, size_t staple_len);

       int
       tls_config_add_keypair_file(struct tls_config *config,
	   const char *cert_file, const	char *key_file);

       int
       tls_config_add_keypair_mem(struct tls_config *config,
	   const uint8_t *cert,	     size_t cert_len,	   const uint8_t *key,
	   size_t key_len);

       int
       tls_config_add_keypair_ocsp_file(struct tls_config *config,
	   const char *cert_file,			 const char *key_file,
	   const char *staple_file);

       int
       tls_config_add_keypair_ocsp_mem(struct tls_config *config,
	   const uint8_t *cert,	     size_t cert_len,	   const uint8_t *key,
	   size_t key_len, const uint8_t *staple, size_t staple_len);

       void
       tls_config_clear_keys(struct tls_config *config);

       int
       tls_config_set_verify_depth(struct tls_config *config,
	   int verify_depth);

       void
       tls_config_verify_client(struct tls_config *config);

       void
       tls_config_verify_client_optional(struct	tls_config *config);

       const char *
       tls_default_ca_cert_file(void);

DESCRIPTION
       tls_load_file() loads a certificate or key from disk into memory to be
       used with tls_config_set_ca_mem(), tls_config_set_cert_mem(),
       tls_config_set_crl_mem() or tls_config_set_key_mem().  A private key
       will be decrypted if the optional password argument is specified
       (non-NULL).

       tls_unload_file() unloads the memory that was returned from an earlier
       tls_load_file() call, ensuring that the memory contents are discarded.
       The len argument should be the length that tls_load_file() stored
       through its len pointer.

       tls_default_ca_cert_file() returns the path of the file	that  contains
       the default root	certificates.

       tls_config_set_ca_file()	loads a	file containing	the root certificates.

       tls_config_set_ca_path()	 sets  the  path  (directory)  which should be
       searched	for root certificates.

       tls_config_set_ca_mem() sets the	root certificates directly  from  mem-
       ory.

       tls_config_set_cert_file()  loads a file	containing the public certifi-
       cate.

       tls_config_set_cert_mem() sets the  public  certificate	directly  from
       memory.

       tls_config_set_crl_file() loads a file containing the Certificate Revo-
       cation List (CRL).

       tls_config_set_crl_mem()	sets the CRL directly from memory.

       tls_config_set_key_file() loads a file containing the private key.

       tls_config_set_key_mem()	directly sets the private key from memory.

       tls_config_set_ocsp_staple_file() loads a file containing a DER-encoded
       OCSP response to	be stapled during the TLS handshake.

       tls_config_set_ocsp_staple_mem()	sets a DER-encoded OCSP	response to be
       stapled during the TLS handshake	from memory.

       tls_config_set_keypair_file()  loads  two  files	 from which the	public
       certificate and private key will	be read.

       tls_config_set_keypair_mem() directly sets the public  certificate  and
       private key from	memory.

       tls_config_set_keypair_ocsp_file()  loads  three	 files	containing the
       public certificate, private key,	and DER-encoded	OCSP staple.

       tls_config_set_keypair_ocsp_mem() directly sets the public certificate,
       private key, and	DER-encoded OCSP staple	from memory.

       tls_config_add_keypair_file() adds an additional	public certificate and
       private key from	the specified files, used as an	 alternative  certifi-
       cate for	Server Name Indication (server only).

       tls_config_add_keypair_mem()  adds an additional	public certificate and
       private key from	memory,	used as	an alternative certificate for	Server
       Name Indication (server only).

       tls_config_add_keypair_ocsp_file()  adds	 an additional public certifi-
       cate, private key, and  DER-encoded  OCSP  staple  from	the  specified
       files,  used  as	 an alternative	certificate for	Server Name Indication
       (server only).

       tls_config_add_keypair_ocsp_mem() adds an  additional  public  certifi-
       cate,  private key, and DER-encoded OCSP	staple from memory, used as an
       alternative certificate for Server Name Indication (server only).

       tls_config_clear_keys() clears any secret keys from memory.

       tls_config_set_verify_depth() limits the	number	of  intermediate  cer-
       tificates that will be followed during certificate validation.

       tls_config_verify_client() enables client certificate verification, re-
       quiring the client to send a certificate	(server	only).

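       tls_config_verify_client_optional() enables client certificate verifi-
       cation, without requiring the client to send a certificate (server
       only).  Because a handshake can then complete with no client certifi-
       cate at all, the server must itself check whether one was presented,
       for example with tls_peer_cert_provided(), before treating the peer as
       authenticated.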

RETURN VALUES
       tls_load_file() returns NULL on error or	an out of memory condition.

       The functions declared as returning int return 0 on success or -1 on
       error.

SEE ALSO
       tls_config_ocsp_require_stapling(3),	  tls_config_set_protocols(3),
       tls_config_set_session_id(3), tls_configure(3), tls_init(3)

HISTORY
       tls_config_set_ca_file(),		     tls_config_set_ca_path(),
       tls_config_set_cert_file(),		    tls_config_set_cert_mem(),
       tls_config_set_key_file(),	 tls_config_set_key_mem(),	   and
       tls_config_set_verify_depth() appeared in OpenBSD 5.6 and got their fi-
       nal names in OpenBSD 5.7.

       tls_load_file(),	 tls_config_set_ca_mem(),  and tls_config_clear_keys()
       appeared	in OpenBSD 5.7.

       tls_config_verify_client() and tls_config_verify_client_optional()  ap-
       peared in OpenBSD 5.9.

       tls_config_set_keypair_file() and tls_config_set_keypair_mem() appeared
       in     OpenBSD	  6.0,	   and	  tls_config_add_keypair_file()	   and
       tls_config_add_keypair_mem() in OpenBSD 6.1.

       tls_config_set_crl_file()  and  tls_config_set_crl_mem()	 appeared   in
       OpenBSD 6.2.

AUTHORS
       Joel Sing <jsing@openbsd.org> with contributions	from
       Ted Unangst <tedu@openbsd.org> and
       Bob Beck	<beck@openbsd.org>.

       tls_load_file() and tls_config_set_ca_mem() were	written	by
       Reyk Floeter <reyk@openbsd.org>.

FreeBSD	Ports 14.quarterly	January	1, 2022		      TLS_LOAD_FILE(3)
