I would appreciate any donations. Wishlist or send e-mail type donations to maekawa AT daemon-systems.org.

Thank you.


SSL_CTX_set0_CA_list(3)             OpenSSL            SSL_CTX_set0_CA_list(3)



NAME
       SSL_set0_CA_list, SSL_CTX_set0_CA_list, SSL_get0_CA_list,
       SSL_CTX_get0_CA_list, SSL_add1_to_CA_list, SSL_CTX_add1_to_CA_list,
       SSL_get0_peer_CA_list - get or set CA list

LIBRARY
       libcrypto, -lcrypto

SYNOPSIS
        #include <openssl/ssl.h>

        void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
        void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
        const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
        const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
        int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
        int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);

        const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);

DESCRIPTION
       SSL_CTX_set0_CA_list() sets the list of CAs to be sent to the peer to
       name_list. Ownership of name_list is transferred to ctx and it should
       not be freed by the caller.

       SSL_set0_CA_list() sets the list of CAs to be sent to the peer to
       name_list overriding any list set in the parent SSL_CTX of s. Ownership
       of name_list is transferred to s and it should not be freed by the
       caller.

       SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
       ctx.

       SSL_CTX_get0_CA_list() retrieves any previously set list of CAs set for
       s or if none are set the list from the parent SSL_CTX is retrieved.

       SSL_CTX_add1_to_CA_list() appends the CA subject name extracted from x
       to the list of CAs sent to peer for ctx.

       SSL_add1_to_CA_list() appends the CA subject name extracted from x to
       the list of CAs sent to the peer for s, overriding the setting in the
       parent SSL_CTX.

       SSL_get0_peer_CA_list() retrieves the list of CA names (if any) the
       peer has sent.

NOTES
       These functions are generalised versions of the client authentication
       CA list functions such as SSL_CTX_set_client_CA_list(3).

       For TLS versions before 1.3 the list of CA names is only sent from the
       server to client when requesting a client certificate. So any list of
       CA names set is never sent from client to server and the list of CA
       names retrieved by SSL_get0_peer_CA_list() is always NULL.

       For TLS 1.3 the list of CA names is sent using the
       certificate_authorities extension and will be sent by a client (in the
       ClientHello message) or by a server (when requesting a certificate).

RETURN VALUES
       SSL_CTX_set0_CA_list() and SSL_set0_CA_list() do not return a value.

       SSL_CTX_get0_CA_list() and SSL_get0_CA_list() return a stack of CA
       names or NULL is no CA names are set.

       SSL_CTX_add1_to_CA_list() and SSL_add1_to_CA_list() return 1 for
       success and 0 for failure.

       SSL_get0_peer_CA_list() returns a stack of CA names sent by the peer or
       NULL or an empty stack if no list was sent.

SEE ALSO
       ssl(7), SSL_CTX_set_client_CA_list(3), SSL_get_client_CA_list(3),
       SSL_load_client_CA_file(3), SSL_CTX_load_verify_locations(3)

COPYRIGHT
       Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the OpenSSL license (the "License").  You may not use
       this file except in compliance with the License.  You can obtain a copy
       in the file LICENSE in the source distribution or at
       <https://www.openssl.org/source/license.html>.



1.1.1                             2018-09-17           SSL_CTX_set0_CA_list(3)