SSL_CTX_set_default_passwd_cb(3)
- NetBSD Manual Pages
SSL_CTX_set_default_passwd_cbOpenSSL_CTX_set_default_passwd_cb(3)
NAME
SSL_CTX_set_default_passwd_cb,
SSL_CTX_set_default_passwd_cb_userdata - set passwd call-
back for encrypted PEM file handling
LIBRARY
libcrypto, -lcrypto
SYNOPSIS
#include <openssl/ssl.h>
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
DESCRIPTION
SSL_CTX_set_default_passwd_cb() sets the default password
callback called when loading/storing a PEM certificate
with encryption.
SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to
userdata which will be provided to the password callback
on invocation.
The pem_passwd_cb(), which must be provided by the appli-
cation, hands back the password to be used during decryp-
tion. On invocation a pointer to userdata is provided. The
pem_passwd_cb must write the password into the provided
buffer buf which is of size size. The actual length of the
password must be returned to the calling function. rwflag
indicates whether the callback is used for reading/decryp-
tion (rwflag=0) or writing/encryption (rwflag=1).
NOTES
When loading or storing private keys, a password might be
supplied to protect the private key. The way this password
can be supplied may depend on the application. If only one
private key is handled, it can be practical to have
pem_passwd_cb() handle the password dialog interactively.
If several keys have to be handled, it can be practical to
ask for the password once, then keep it in memory and use
it several times. In the last case, the password could be
stored into the userdata storage and the pem_passwd_cb()
only returns the password already stored.
When asking for the password interactively,
pem_passwd_cb() can use rwflag to check, whether an item
shall be encrypted (rwflag=1). In this case the password
dialog may ask for the same password twice for comparison
in order to catch typos, that would make decryption impos-
sible.
2002-06-10 0.9.6g 1
SSL_CTX_set_default_passwd_cbOpenSSL_CTX_set_default_passwd_cb(3)
Other items in PEM formatting (certificates) can also be
encrypted, it is however not usual, as certificate infor-
mation is considered public.
RETURN VALUES
SSL_CTX_set_default_passwd_cb() and
SSL_CTX_set_default_passwd_cb_userdata() do not provide
diagnostic information.
EXAMPLES
The following example returns the password provided as
userdata to the calling function. The password is consid-
ered to be a '\0' terminated string. If the password does
not fit into the buffer, the password is truncated.
int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
{
strncpy(buf, (char *)(password), size);
buf[size - 1] = '\0';
return(strlen(buf));
}
SEE ALSO
ssl(3), SSL_CTX_use_certificate(3)
2002-06-10 0.9.6g 2
Powered by man-cgi (2024-03-20).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.