Current File : //usr/share/doc/neon-0.30.0/html/refclicert.html
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>ne_ssl_client_cert</title><link rel="stylesheet" type="text/css" href="../manual.css"><meta name="generator" content="DocBook XSL Stylesheets V1.78.1"><link rel="home" href="index.html" title="neon HTTP/WebDAV client library"><link rel="up" href="ref.html" title="neon API reference"><link rel="prev" href="refsslvfy.html" title="ne_ssl_set_verify"><link rel="next" href="refstatus.html" title="ne_status"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">ne_ssl_client_cert</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="refsslvfy.html">Prev</a> </td><th width="60%" align="center">neon API reference</th><td width="20%" align="right"> <a accesskey="n" href="refstatus.html">Next</a></td></tr></table><hr></div><div class="refentry"><a name="refclicert"></a><div class="titlepage"></div><div class="refnamediv"><h2>Name</h2><p>ne_ssl_clicert_read, ne_ssl_clicert_name, ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt, ne_ssl_clicert_owner, ne_ssl_clicert_free — SSL client certificate handling</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><div class="funcsynopsis"><pre class="funcsynopsisinfo">#include <ne_ssl.h></pre><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">ne_ssl_client_cert *<b class="fsfunc">ne_ssl_clicert_read</b>(</code></td><td>const char *<var class="pdparam">filename</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">const char *<b class="fsfunc">ne_ssl_clicert_name</b>(</code></td><td>const ne_ssl_client_cert *<var class="pdparam">ccert</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">int <b class="fsfunc">ne_ssl_clicert_encrypted</b>(</code></td><td>const ne_ssl_client_cert *<var class="pdparam">ccert</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">int <b class="fsfunc">ne_ssl_clicert_decrypt</b>(</code></td><td>ne_ssl_client_cert *<var class="pdparam">ccert</var>, </td></tr><tr><td> </td><td>const char *<var class="pdparam">password</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">const ne_ssl_certificate *<b class="fsfunc">ne_ssl_clicert_owner</b>(</code></td><td>const ne_ssl_client_cert *<var class="pdparam">ccert</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div><table border="0" class="funcprototype-table" summary="Function synopsis" style="cellspacing: 0; cellpadding: 0;"><tr><td><code class="funcdef">void <b class="fsfunc">ne_ssl_clicert_free</b>(</code></td><td>ne_ssl_client_cert *<var class="pdparam">ccert</var><code>)</code>;</td></tr></table><div class="funcprototype-spacer"> </div></div></div><div class="refsect1"><a name="idm140368849278752"></a><h2>Description</h2><p>The <code class="function">ne_ssl_clicert_read</code> function reads
a <em class="firstterm">client certificate</em> from a
PKCS#12-formatted file, and returns an
<em class="type">ne_ssl_client_cert</em> object. If the client
certificate is encrypted, it must be decrypted before it is used.
An <em class="type">ne_ssl_client_cert</em> object holds a client
certificate and the associated private key, not just a
certificate; the term "<em class="glossterm">client certificate</em>"
will used to refer to this pair.</p><p>A client certificate can be in one of two states:
<span class="emphasis"><em>encrypted</em></span> or <span class="emphasis"><em>decrypted</em></span>.
The <code class="function">ne_ssl_clicert_encrypted</code> function will
return non-zero if the client certificate is in the
<span class="emphasis"><em>encrypted</em></span> state. A client certificate object
returned by <code class="function">ne_ssl_clicert_read</code> may be
initially in either state, depending on whether the file was
encrypted or not.</p><p><code class="function">ne_ssl_clicert_decrypt</code> can be used to
decrypt a client certificate using the appropriate password. This
function must only be called if the object is in the
<span class="emphasis"><em>encrypted</em></span> state; if decryption fails, the
certificate state does not change, so decryption can be attempted
more than once using different passwords.</p><p>A client certificate can be given a "friendly name" when it
is created; <code class="function">ne_ssl_clicert_name</code> will return
this name (or <code class="literal">NULL</code> if no friendly name was specified).
<code class="function">ne_ssl_clicert_name</code> can be used when the
client certificate is in either the encrypted or decrypted state,
and will return the same string for the lifetime of the
object.</p><p>The function <code class="function">ne_ssl_clicert_owner</code>
returns the certificate part of the client certificate; it must
only be called if the client certificate is in the
<span class="emphasis"><em>decrypted</em></span> state.</p><p>When the client certificate is no longer needed, the
<code class="function">ne_ssl_clicert_free</code> function should be used
to destroy the object.</p></div><div class="refsect1"><a name="idm140368849265552"></a><h2>Return value</h2><p><code class="function">ne_ssl_clicert_read</code> returns a client
certificate object, or <code class="literal">NULL</code> if the file could not be read.
<code class="function">ne_ssl_clicert_encrypted</code> returns zero if the
object is in the decrypted state, or non-zero if it is in the
encrypted state. <code class="function">ne_ssl_clicert_name</code> returns
a <code class="literal">NUL</code>-terminated friendly name string, or <code class="literal">NULL</code>.
<code class="function">ne_ssl_clicert_owner</code> returns a certificate
object.</p></div><div class="refsect1"><a name="idm140368849260032"></a><h2>Examples</h2><p>The following code reads a client certificate and decrypts
it if necessary, then loads it into an HTTP session.</p><pre class="programlisting">ne_ssl_client_cert *ccert;
ccert = ne_ssl_clicert_read("/path/to/client.p12");
if (ccert == NULL) {
/* handle error... */
} else if (ne_ssl_clicert_encrypted(ccert)) {
char *password = prompt_for_password();
if (ne_ssl_clicert_decrypt(ccert, password)) {
/* could not decrypt! handle error... */
}
}
ne_ssl_set_clicert(sess, ccert);
</pre></div><div class="refsect1"><a name="idm140368849257760"></a><h2>See also</h2><p><a class="xref" href="refsslcertio.html#ne_ssl_cert_read">ne_ssl_cert_read</a></p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="refsslvfy.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="ref.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="refstatus.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">ne_ssl_set_verify </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> ne_status</td></tr></table></div></body></html>
Mini Shell