This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with the Mac OS X developer tools. The software or headers described may not be present on your Mac OS X installation until you install the developer tools package. This package is available on your Mac OS X installation DVD, and the latest versions can be downloaded from developer.apple.com.

For more information about the manual page format, see the manual page for manpages(5).

SSL_CTX_set_default_passwd_cb(3)                   OpenSSL                  SSL_CTX_set_default_passwd_cb(3)



NAME
       SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata - set passwd callback for
       encrypted PEM file handling

SYNOPSIS
        #include <openssl/ssl.h>

        void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
        void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);

        int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);

DESCRIPTION
       SSL_CTX_set_default_passwd_cb() sets the default password callback called when loading/storing a PEM
       certificate with encryption.

       SSL_CTX_set_default_passwd_cb_userdata() sets a pointer to userdata which will be provided to the
       password callback on invocation.

       The pem_passwd_cb(), which must be provided by the application, hands back the password to be used
       during decryption. On invocation a pointer to userdata is provided. The pem_passwd_cb must write the
       password into the provided buffer buf which is of size size. The actual length of the password must
       be returned to the calling function. rwflag indicates whether the callback is used for
       reading/decryption (rwflag=0) or writing/encryption (rwflag=1).

NOTES
       When loading or storing private keys, a password might be supplied to protect the private key. The
       way this password can be supplied may depend on the application. If only one private key is handled,
       it can be practical to have pem_passwd_cb() handle the password dialog interactively. If several keys
       have to be handled, it can be practical to ask for the password once, then keep it in memory and use
       it several times. In the last case, the password could be stored into the userdata storage and the
       pem_passwd_cb() only returns the password already stored.

       When asking for the password interactively, pem_passwd_cb() can use rwflag to check, whether an item
       shall be encrypted (rwflag=1).  In this case the password dialog may ask for the same password twice
       for comparison in order to catch typos, that would make decryption impossible.

       Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as
       certificate information is considered public.

RETURN VALUES
       SSL_CTX_set_default_passwd_cb() and SSL_CTX_set_default_passwd_cb_userdata() do not provide
       diagnostic information.

EXAMPLES
       The following example returns the password provided as userdata to the calling function. The password
       is considered to be a '\0' terminated string. If the password does not fit into the buffer, the
       password is truncated.

        int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
        {
         strncpy(buf, (char *)(password), size);
         buf[size - 1] = '\0';
         return(strlen(buf));
        }

SEE ALSO
       ssl(3), SSL_CTX_use_certificate(3)



0.9.7l                                           2001-07-11                 SSL_CTX_set_default_passwd_cb(3)