File: sslca.xml

package info (click to toggle)
neon27 0.36.0-1
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 2,836 kB
  • sloc: ansic: 27,754; xml: 4,634; makefile: 629; sh: 328
file content (81 lines) | stat: -rw-r--r-- 2,455 bytes parent folder | download | duplicates (21) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
    <refentry id="refsslca">

      <refmeta>
	<refentrytitle>ne_ssl_load_ca</refentrytitle>
	<manvolnum>3</manvolnum>
      </refmeta>

      <refnamediv>
	<refname id="ne_ssl_load_ca">ne_ssl_load_ca</refname>
	<refname id="ne_ssl_load_default_ca">ne_ssl_load_default_ca</refname>
	<refpurpose>load SSL Certificate Authorities</refpurpose>
      </refnamediv>
      
      <refsynopsisdiv>
	
	<funcsynopsis>

	  <funcsynopsisinfo>#include &lt;ne_session.h&gt;</funcsynopsisinfo>

	  <funcprototype>
	    <funcdef>int <function>ne_ssl_load_ca</function></funcdef>
	    <paramdef>ne_session *<parameter>session</parameter></paramdef>
	    <paramdef>const char *<parameter>filename</parameter></paramdef>
	  </funcprototype>

	  <funcprototype>
	    <funcdef>int <function>ne_ssl_load_default_ca</function></funcdef>
	    <paramdef>ne_session *<parameter>session</parameter></paramdef>
	  </funcprototype>

	</funcsynopsis>
	
      </refsynopsisdiv>

      <refsect1>
	<title>Description</title>

	<para>To indicate that a given CA certificate is trusted by the user,
the certificate can be loaded using the <function>ne_ssl_load_ca</function>
function.  The <parameter>filename</parameter> parameter given must specify
the location of a PEM-encoded CA certificate.</para>

	<para>The SSL library in use by neon may include a default set
of CA certificates; calling the
<function>ne_ssl_load_default_ca</function> function will indicate
that these CAs are trusted by the user.</para>

	<para>If no CA certificates are loaded, or the server presents
a certificate which is invalid in some way, then the certificate must
be manually verified (see <xref linkend="ne_ssl_set_verify"/>), otherwise the
connection will fail.</para>

      </refsect1>

      <refsect1>
	<title>Return value</title>

	<para>Both <function>ne_ssl_load_ca</function> and
<function>ne_ssl_load_default_ca</function> functions return
<literal>0</literal> on success, or non-zero on failure.</para>

      </refsect1>

      <refsect1>
	<title>Examples</title>

	<para>Load the CA certificate stored in <filename>/path/to/cacert.pem</filename>:</para>
	<programlisting>&egsess;

if (ne_ssl_load_ca(sess, "/path/to/cacert.pem")) {
   printf("Could not load CA cert: %s\n", ne_get_error(sess));
}</programlisting>
      </refsect1>

      <refsect1>
	<title>See also</title>

	<para><xref linkend="ne_get_error"/>, <xref
	linkend="ne_ssl_set_verify"/></para> </refsect1>

    </refentry>