SSL_CTX_set_default_passwd_cb(3)    OpenSSL    SSL_CTX_set_default_passwd_cb(3)

NAME
       SSL_CTX_set_default_passwd_cb,
       SSL_CTX_set_default_passwd_cb_userdata - set passwd
       callback for encrypted PEM file handling

SYNOPSIS
        #include <openssl/ssl.h>

        void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
        void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

        int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);

DESCRIPTION
       SSL_CTX_set_default_passwd_cb() sets the default password
       callback called when loading/storing a PEM certificate with
       encryption.

       SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to
       userdata which will be provided to the password callback on
       invocation.

       The pem_passwd_cb(), which must be provided by the
       application, hands back the password to be used during
       decryption. On invocation a pointer to userdata is provided.
       The pem_passwd_cb must write the password into the provided
       buffer buf which is of size size. The actual length of the
       password must be returned to the calling function. rwflag
       indicates whether the callback is used for reading/decryption
       (rwflag=0) or writing/encryption (rwflag=1).

NOTES
       When loading or storing private keys, a password might be
       supplied to protect the private key. The way this password
       can be supplied may depend on the application. If only one
       private key is handled, it can be practical to have
       pem_passwd_cb() handle the password dialog interactively. If
       several keys have to be handled, it can be practical to ask
       for the password once, then keep it in memory and use it
       several times. In the latter case, the password could be
       stored in the userdata storage, and pem_passwd_cb() then only
       returns the password already stored.

       When asking for the password interactively, pem_passwd_cb()
       can use rwflag to check whether an item shall be encrypted
       (rwflag=1). In this case the password dialog may ask for the
       same password twice for comparison, in order to catch typos
       that would make decryption impossible.

       Other items in PEM formatting (certificates) can also be
       encrypted. This is however not usual, as certificate
       information is considered public.

RETURN VALUES
       SSL_CTX_set_default_passwd_cb() and
       SSL_CTX_set_default_passwd_cb_userdata() do not provide
       diagnostic information.

EXAMPLES
       The following example returns the password provided as
       userdata to the calling function. The password is considered
       to be a '\0' terminated string. If the password does not fit
       into the buffer, the password is truncated.

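        #include <string.h>

        int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
        {
         if (password == NULL || size < 1)   /* nothing to copy, or no room */
          return(0);
         /* copy at most size bytes, then force termination (truncates) */
         strncpy(buf, (char *)(password), size);
         buf[size - 1] = '\0';
         return((int)strlen(buf));
        }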
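
       The following is an added example, not part of the original
       manual page or of OpenSSL, for the case described in NOTES
       where the password is asked for once and kept in the userdata
       storage. It refuses a password that does not fit into buf
       instead of truncating it, and lets the application overwrite
       the stored copy once all keys are loaded. struct passwd_cache
       and the passwd_cache_*() helpers are hypothetical names, and
       returning 0 on failure is a choice made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical userdata type: a password obtained once, reused per key. */
struct passwd_cache {
    char   secret[128];
    size_t len;    /* bytes in secret, not counting the terminator */
    int    uses;   /* how many times the callback handed it out */
};

/* Store a password; returns 0 on success, -1 if empty or too long. */
int passwd_cache_set(struct passwd_cache *c, const char *pw)
{
    size_t n = strlen(pw);
    if (n == 0 || n >= sizeof c->secret)
        return -1;
    memcpy(c->secret, pw, n + 1);
    c->len = n;
    c->uses = 0;
    return 0;
}

/* Same signature as pem_passwd_cb() in the SYNOPSIS. Register it with
 * SSL_CTX_set_default_passwd_cb() and pass the cache as userdata. */
int cached_passwd_cb(char *buf, int size, int rwflag, void *userdata)
{
    struct passwd_cache *c = userdata;
    (void)rwflag;  /* the stored value serves reading and writing */

    if (buf == NULL || size < 1 || c == NULL || c->len == 0)
        return 0;
    if (c->len >= (size_t)size)  /* would be truncated: refuse instead */
        return 0;
    memcpy(buf, c->secret, c->len);
    buf[c->len] = '\0';
    c->uses++;
    return (int)c->len;
}

/* Overwrite the stored password once all keys are loaded. */
void passwd_cache_clear(struct passwd_cache *c)
{
    volatile char *p = c->secret;  /* volatile keeps the stores in place */
    size_t i;
    for (i = 0; i < sizeof c->secret; i++)
        p[i] = 0;
    c->len = 0;
}
```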

SEE ALSO
       ssl(3), SSL_CTX_use_certificate(3)



0.9.7c                     2001                     SSL_CTX_set_default_passwd_cb(3)
