RSA BSAFE Micro Edition Suite

Streamlined security for mobile and embedded devices


Certificate Management Functions

This section describes the certificate management functions used to store, retrieve and manipulate certificate-related information. Some applications require that both a certificate and matching private key are loaded. If either is missing, the SSL protocol cannot use the private key or certificate for negotiation.

Typedefs

typedef int R_CDECL SSL_CTX_CLIENT_CERT_CB_T (SSL *ssl, void **cpp, EVP_PKEY **kpp)
 The prototype for a user-defined client certificate callback function.


Functions

int R_CDECL SSL_CTX_use_certificate (SSL_CTX *ctx, SSLCERT *x509)
 Binds a certificate to an SSL_CTX structure.

int R_CDECL SSL_CTX_use_certificate_ASN1 (SSL_CTX *ctx, unsigned char *cert, long len)
 Binds a certificate in ASN.1 format to the SSL_CTX ctx.

int R_CDECL SSL_use_certificate (SSL *ssl, SSLCERT *x509)
 Binds a certificate x509 to the SSL connection ssl.

int R_CDECL SSL_use_certificate_ASN1 (SSL *ssl, unsigned char *buffer, long len)
 Binds certificate data (in ASN.1 format) to the SSL connection ssl.

void R_CDECL SSL_CTX_set_client_cert_cb (SSL_CTX *ctx, SSL_CTX_CLIENT_CERT_CB_T *cb)
 Sets the client certificate callback for the SSL_CTX ctx.

SSL_CTX_CLIENT_CERT_CB_T* R_CDECL SSL_CTX_get_client_cert_cb (SSL_CTX *ctx)
 Returns the application-supplied client certificate callback from the relevant ctx reference.


Typedef Documentation

typedef int R_CDECL SSL_CTX_CLIENT_CERT_CB_T(SSL *ssl, void **cpp, EVP_PKEY **kpp)
 

The prototype for a user-defined client certificate callback function. The callback is used by the client when a server requests a client certificate. It is best used in situations where the user is required to select from various client certificates. If a certificate and private key are to be sent by the callback, they are returned via the argument list.

Parameters:
ssl [In] The SSL connection reference.
cpp [In] A pointer to the X.509 reference to update.
kpp [In] A pointer to the EVP_PKEY reference to update.
Returns:
-1 indicates re-try.
1 indicates use certificate and EVP_PKEY provided by callback.
0 indicates a client certificate should not be sent.
See also:
SSL_CTX_set_client_cert_cb() and SSL_CTX_get_client_cert_cb().


Function Documentation

SSL_CTX_CLIENT_CERT_CB_T* R_CDECL SSL_CTX_get_client_cert_cb (SSL_CTX *ctx)
 

Returns the application-supplied client certificate callback from the relevant ctx reference. The callback is best used in situations where the user is required to select from various client certificates.

Parameters:
ctx [In] The SSL_CTX reference from which to retrieve the callback.
Returns:
The client certificate callback if available.
NULL indicates error.
See also:
SSL_CTX_set_client_cert_cb().

void R_CDECL SSL_CTX_set_client_cert_cb (SSL_CTX *ctx, SSL_CTX_CLIENT_CERT_CB_T *cb)
 

Sets the client certificate callback for the SSL_CTX ctx. This callback can be used to load a client certificate and key during the handshake. It is invoked if no client certificate or key has previously been loaded.

Parameters:
ctx [In, Out] The SSL_CTX against which to set the callback.
cb [In] The client certificate callback.
Note:
If the client_cert_cb is NULL, client certificates are not sent unless the certificate is already attached to the SSL structure.
See also:
SSL_CTX_get_client_cert_cb().
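
A callback that follows the SSL_CTX_CLIENT_CERT_CB_T contract documented above, as an added example that is not taken from the RSA documentation or its sample programs. The stand-in type declarations, `client_cred`, `set_credentials`, `set_choice` and `select_client_cert` are hypothetical names introduced for illustration; only the prototype and the return codes -1, 1 and 0 come from this page.

```c
#include <stddef.h>

/* Stand-ins so the example compiles without the toolkit headers (assumption:
 * a real build includes the toolkit's SSL header and drops these four lines). */
#define R_CDECL
typedef struct ssl_st SSL;
typedef struct evp_pkey_st EVP_PKEY;
typedef int R_CDECL SSL_CTX_CLIENT_CERT_CB_T(SSL *ssl, void **cpp, EVP_PKEY **kpp);

/* Hypothetical application-side table: one entry per selectable identity. */
typedef struct {
    const char *label; /* name shown to the user */
    void *cert;        /* certificate reference already loaded by the app */
    EVP_PKEY *key;     /* matching private key reference, NULL if absent */
} client_cred;

#define CHOICE_PENDING (-2) /* user has not answered the prompt yet */
#define CHOICE_NONE    (-1) /* user declined to present a certificate */

static client_cred *g_creds;
static size_t g_ncreds;
static int g_choice = CHOICE_PENDING;

void set_credentials(client_cred *creds, size_t n) { g_creds = creds; g_ncreds = n; }
void set_choice(int idx) { g_choice = idx; }

/* Declaring through the typedef makes the compiler check the prototype. */
SSL_CTX_CLIENT_CERT_CB_T select_client_cert;

int R_CDECL select_client_cert(SSL *ssl, void **cpp, EVP_PKEY **kpp)
{
    const client_cred *c;

    (void)ssl; /* per-connection state is not needed for this selection */
    if (cpp == NULL || kpp == NULL)
        return 0;
    if (g_choice == CHOICE_PENDING)
        return -1; /* re-try: no decision yet */
    if (g_choice < 0 || (size_t)g_choice >= g_ncreds)
        return 0;  /* declined or invalid index: send no certificate */
    c = &g_creds[g_choice];
    if (c->cert == NULL || c->key == NULL)
        return 0;  /* never return 1 with half of a credential */
    *cpp = c->cert;
    *kpp = c->key;
    return 1;      /* use the certificate and key supplied here */
}
```

Registration uses the call documented above: `SSL_CTX_set_client_cert_cb(ctx, select_client_cert)`. This page does not state who owns the references returned through cpp and kpp, so the example keeps them alive in the application's own table.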

int R_CDECL SSL_CTX_use_certificate (SSL_CTX *ctx, SSLCERT *x509)
 

Binds a certificate to an SSL_CTX structure. A certificate must be bound before any additional certificate operations can be performed. This certificate becomes the default certificate used by all SSL connections created for the SSL_CTX.

Parameters:
ctx [In] The SSL_CTX reference against which to set the default certificate.
x509 [In] The SSLCERT reference.
Returns:
1 indicates success.
0 indicates error.
See also:
SSL_CTX_use_certificate_ASN1() and SSL_use_certificate().
Samples:
bio_server.c, cache_server.c, nbio_server.c, p7ssl_server.c, sock_server.c, and ssl_server.c.

int R_CDECL SSL_CTX_use_certificate_ASN1 (SSL_CTX *ctx, unsigned char *cert, long len)
 

Binds a certificate in ASN.1 format to the SSL_CTX ctx.

Parameters:
ctx [In, Out] The SSL_CTX reference against which to set the certificate.
cert [In] A buffer containing the certificate in ASN.1 format.
len [In] The certificate buffer length.
Returns:
1 indicates success.
0 indicates error.
Note:
This is the default certificate for each SSL session if no certificate is bound to the SSL structure.
See also:
SSL_CTX_use_certificate() and SSL_use_certificate_ASN1().

int R_CDECL SSL_use_certificate (SSL *ssl, SSLCERT *x509)
 

Binds a certificate x509 to the SSL connection ssl. A certificate loaded via this function is used to identify the owner of the SSL connection and must be loaded before the SSL connection can successfully respond to a certificate request.

Parameters:
ssl [In] The SSL connection reference against which to set the certificate.
x509 [In] The SSLCERT reference.
Returns:
1 indicates success.
<= 0 indicates error.
See also:
SSL_CTX_use_certificate().

int R_CDECL SSL_use_certificate_ASN1 (SSL *ssl, unsigned char *data, long len)
 

Binds certificate data (in ASN.1 format) to the SSL connection ssl. A certificate must be loaded before any additional certificate operations can be performed.

Parameters:
ssl [In, Out] The SSL connection reference against which to set a certificate.
data [In] A buffer containing the certificate in ASN.1 format.
len [In] The length of the certificate buffer data.
Returns:
1 indicates success.
<= 0 indicates error.
See also:
SSL_use_certificate() and SSL_CTX_use_certificate_ASN1().


Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1