1.\" $OpenBSD: X509_load_cert_file.3,v 1.1 2021/11/09 16:23:04 schwarze Exp $ 2.\" 3.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.\" 17.Dd $Mdocdate: November 9 2021 $ 18.Dt X509_LOAD_CERT_FILE 3 19.Os 20.Sh NAME 21.Nm X509_load_cert_file , 22.Nm X509_load_crl_file , 23.Nm X509_load_cert_crl_file 24.Nd read, decode, and cache certificates and CRLs 25.Sh SYNOPSIS 26.In openssl/x509_vfy.h 27.Ft int 28.Fo X509_load_cert_file 29.Fa "X509_LOOKUP *ctx" 30.Fa "const char *file" 31.Fa "int type" 32.Fc 33.Ft int 34.Fo X509_load_crl_file 35.Fa "X509_LOOKUP *ctx" 36.Fa "const char *file" 37.Fa "int type" 38.Fc 39.Ft int 40.Fo X509_load_cert_crl_file 41.Fa "X509_LOOKUP *ctx" 42.Fa "const char *file" 43.Fa "int type" 44.Fc 45.Sh DESCRIPTION 46.Fn X509_load_cert_file 47with a 48.Fa type 49of 50.Dv X509_FILETYPE_PEM 51reads one or more certificates in PEM format from the given 52.Fa file 53using 54.Xr PEM_read_bio_X509_AUX 3 ; 55with a type of 56.Dv X509_FILETYPE_ASN1 , 57if reads one certificate in DER format using 58.Xr d2i_X509_bio 3 . 59The certificates read are added to the 60.Vt X509_STORE 61memory cache object associated with the given 62.Fa ctx 63using 64.Xr X509_STORE_add_cert 3 . 65.Pp 66.Fn X509_load_crl_file 67with a 68.Fa type 69of 70.Dv X509_FILETYPE_PEM 71reads one or more certificate revocation lists in PEM format from the given 72.Fa file 73using 74.Xr PEM_read_bio_X509_CRL 3 ; 75with a type of 76.Dv X509_FILETYPE_ASN1 , 77if reads one certificate revocation lists in DER format using 78.Xr d2i_X509_CRL_bio 3 . 79The certificate revocation lists read are added to the 80.Vt X509_STORE 81memory cache object associated with the given 82.Fa ctx 83using 84.Xr X509_STORE_add_crl 3 . 85.Pp 86.Fn X509_load_cert_crl_file 87with a 88.Fa type 89of 90.Dv X509_FILETYPE_PEM 91read one or more certificates and/or certificate revocation lists 92in PEM format from the given 93.Fa file 94using 95.Xr PEM_X509_INFO_read_bio 3 96and adds them to the 97.Vt X509_STORE 98memory cache object associated with the given 99.Fa ctx 100using 101.Xr X509_STORE_add_cert 3 102and 103.Xr X509_STORE_add_crl 3 , 104respectively. 105.Pp 106.Fn X509_load_cert_crl_file 107with a 108.Fa type 109of 110.Dv X509_FILETYPE_ASN1 111is equivalent to 112.Fn X509_load_cert_file 113and cannot be used to read a certificate revocation list. 114.Sh RETURN VALUES 115These functions return the number of objects loaded or 0 on error. 116.Sh SEE ALSO 117.Xr d2i_X509_bio 3 , 118.Xr PEM_read_PrivateKey 3 , 119.Xr X509_LOOKUP_new 3 , 120.Xr X509_OBJECT_get0_X509 3 , 121.Xr X509_STORE_load_locations 3 , 122.Xr X509_STORE_new 3 123.Sh HISTORY 124.Fn X509_load_cert_file 125first appeared in SSLeay 0.8.0 and 126.Fn X509_load_crl_file 127in SSLeay 0.9.0. 128These functions have been available since 129.Ox 2.4 . 130.Pp 131.Fn X509_load_cert_crl_file 132first appeared in OpenSSL 0.9.5 and has been available since 133.Ox 2.7 . 134