html %3cli%3c,refclicert.html

ne_ssl_client_cert

ne_ssl_client_cert
Prev	neon API reference	Next

---

Name

ne_ssl_clicert_read, ne_ssl_clicert_name, ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt, ne_ssl_clicert_owner, ne_ssl_clicert_free — SSL client certificate handling

Synopsis

#include <ne_ssl.h>

ne_ssl_client_cert *ne_ssl_clicert_read(

const char *

filename);

const char *ne_ssl_clicert_name(

const ne_ssl_client_cert *

ccert);

int ne_ssl_clicert_encrypted(

const ne_ssl_client_cert *

ccert);

int ne_ssl_clicert_decrypt(	ne_ssl_client_cert *	ccert,
	const char *	password);

const ne_ssl_certificate *ne_ssl_clicert_owner(

const ne_ssl_client_cert *

ccert);

void ne_ssl_clicert_free(

ne_ssl_client_cert *

ccert);

Description

The ne_ssl_clicert_read function reads

a client certificate from a

PKCS#12-formatted file, and returns an

ne_ssl_client_cert object. If the client

certificate is encrypted, it must be decrypted before it is used.

An ne_ssl_client_cert object holds a client

certificate and the associated private key, not just a

certificate; the term "client certificate"

will used to refer to this pair.

A client certificate can be in one of two states:

encrypted or decrypted.

The ne_ssl_clicert_encrypted function will

return non-zero if the client certificate is in the

encrypted state. A client certificate object

returned by ne_ssl_clicert_read may be

initially in either state, depending on whether the file was

encrypted or not.

ne_ssl_clicert_decrypt can be used to

decrypt a client certificate using the appropriate password. This

function must only be called if the object is in the

encrypted state; if decryption fails, the

certificate state does not change, so decryption can be attempted

more than once using different passwords.

A client certificate can be given a "friendly name" when it

is created; ne_ssl_clicert_name will return

this name (or NULL if no friendly name was specified).

ne_ssl_clicert_name can be used when the

client certificate is in either the encrypted or decrypted state,

and will return the same string for the lifetime of the

object.

The function ne_ssl_clicert_owner

returns the certificate part of the client certificate; it must

only be called if the client certificate is in the

decrypted state.

When the client certificate is no longer needed, the

ne_ssl_clicert_free function should be used

to destroy the object.

Return value

ne_ssl_clicert_read returns a client

certificate object, or NULL if the file could not be read.

ne_ssl_clicert_encrypted returns zero if the

object is in the decrypted state, or non-zero if it is in the

encrypted state. ne_ssl_clicert_name returns

a NUL-terminated friendly name string, or NULL.

ne_ssl_clicert_owner returns a certificate

object.

Examples

The following code reads a client certificate and decrypts

it if necessary, then loads it into an HTTP session.

ne_ssl_client_cert *ccert;

ccert = ne_ssl_clicert_read("/path/to/client.p12");

if (ccert == NULL) {

/* handle error... */

} else if (ne_ssl_clicert_encrypted(ccert)) {

char *password = prompt_for_password();

if (ne_ssl_clicert_decrypt(ccert, password)) {

/* could not decrypt! handle error... */

}

}

ne_ssl_set_clicert(sess, ccert);

See also

ne_ssl_cert_read

---

Prev	Up	Next
ne_ssl_set_verify	Home	ne_status