author | Dr. Stephen Henson <steve@openssl.org> | 2015-02-16 13:44:22 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2015-03-25 14:19:04 +0000 |
commit | 2011b169fa90edd4d986e7dbbd3d64587d316a22 (patch) | |
tree | 829080631b83a40ab3843a533efb2677bd6c52b6 /doc | |
parent | 9837bfbfc7a53dd531081b4ba8fe369d9c99116e (diff) | |
download | openssl-2011b169fa90edd4d986e7dbbd3d64587d316a22.tar.gz |
Support key loading from certificate file
Support loading of key and certificate from the same file if
SSL_CONF_FLAG_REQUIRE_PRIVATE is set. This is done by remembering the
filename used for each certificate type and attempting to load a private
key from the file when SSL_CONF_CTX_finish is called.
Update docs.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/ssl/SSL_CONF_CTX_set_flags.pod | 7 | ||||
-rw-r--r-- | doc/ssl/SSL_CONF_cmd.pod | 6 |
2 files changed, 10 insertions, 3 deletions
diff --git a/doc/ssl/SSL_CONF_CTX_set_flags.pod b/doc/ssl/SSL_CONF_CTX_set_flags.pod index 4e34280469..fdff4706c7 100644 --- a/doc/ssl/SSL_CONF_CTX_set_flags.pod +++ b/doc/ssl/SSL_CONF_CTX_set_flags.pod @@ -40,6 +40,13 @@ both of these flags must be set. recognise certificate and private key options. +=item SSL_CONF_FLAG_REQUIRE_PRIVATE + +If this option is set then if a private key is not specified for a certificate +it will attempt to load a private key from the certificate file when +SSL_CONF_CTX_finish() is called. If a key cannot be loaded from the certificate +file an error occurs. + =item SSL_CONF_FLAG_SHOW_ERRORS indicate errors relating to unrecognised options or missing arguments in diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index 90a20d6c49..c4f1309c03 100644 --- a/doc/ssl/SSL_CONF_cmd.pod +++ b/doc/ssl/SSL_CONF_cmd.pod @@ -101,7 +101,7 @@ are permitted. Attempts to use the file B<value> as the private key for the appropriate context. This option is only supported if certificate operations are permitted. Note: if no B<-key> option is set then a private key is -not loaded: it does not currently use the B<-cert> file. +not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set. =item B<-dhparam> @@ -192,8 +192,8 @@ are permitted. Attempts to use the file B<value> as the private key for the appropriate context. This option is only supported if certificate operations -are permitted. Note: if no B<-key> option is set then a private key is -not loaded: it does not currently use the B<Certificate> file. +are permitted. Note: if no B<PrivateKey> option is set then a private key is +not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set. =item B<ServerInfoFile> |
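Review bot: In the new "=item SSL_CONF_FLAG_REQUIRE_PRIVATE" entry in doc/ssl/SSL_CONF_CTX_set_flags.pod, the failure case is only described as "an error occurs", which does not tell the caller where to look for it. Because the load is deferred to SSL_CONF_CTX_finish(), the entry should say explicitly whether it is that call which fails, so applications know its result has to be checked instead of assuming a key is present once the certificate option was accepted. The opening "If this option is set then if a private key is not specified for a certificate it will attempt" is also hard to parse and "it" has no antecedent; something like "If this flag is set and no private key is specified for a certificate, SSL_CONF_CTX_finish() attempts to load the key from the certificate file" reads better and uses "flag" like the item name. Since this makes a combined certificate and key file a supported layout, a sentence noting that such a file needs the access restrictions of a private key file would be worth adding.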
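Review bot: In the first doc/ssl/SSL_CONF_cmd.pod hunk (@@ -101,7), the rewritten note for B<-key> drops the reference to the B<-cert> file, so the reader no longer learns where the key comes from when the flag is set. The replaced line at least named the file ("it does not currently use the B<-cert> file"); the new line, "not loaded unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set", should go on to say that the key is then read from the B<-cert> file and that this happens when SSL_CONF_CTX_finish() is called, matching the description added to SSL_CONF_CTX_set_flags.pod.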
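Review bot: In the second doc/ssl/SSL_CONF_cmd.pod hunk (@@ -192,8), the new line "not loaded unless the B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set" is missing the word "flag" and is worded differently from the matching B<-key> note earlier in the same file, which says "unless the flag B<SSL_CONF_FLAG_REQUIRE_PRIVATE> is set". Use the same wording in both places. As with the command line note, this one should also state that the key is then loaded from the B<Certificate> file, which the removed line mentioned and the new one does not. The correction of B<-key> to B<PrivateKey> in this section is right for the configuration file form.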