SSL_load_client_CA_file.3ossl - Man Page

load certificate names


 #include <openssl/ssl.h>

 STACK_OF(X509_NAME) *SSL_load_client_CA_file_ex(const char *file,
                                                 OSSL_LIB_CTX *libctx,
                                                 const char *propq);
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);

 int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                         const char *file);
 int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                        const char *dir);
 int SSL_add_store_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
                                          const char *store);


SSL_load_client_CA_file_ex() reads certificates from file and returns a STACK_OF(X509_NAME) with the subject names found. The library context libctx and property query propq are used when fetching algorithms from providers.

SSL_load_client_CA_file() is similar to SSL_load_client_CA_file_ex() but uses NULL for the library context libctx and property query propq.

SSL_add_file_cert_subjects_to_stack() reads certificates from file, and adds their subject name to the already existing stack.

SSL_add_dir_cert_subjects_to_stack() reads certificates from every file in the directory dir, and adds their subject name to the already existing stack.

SSL_add_store_cert_subjects_to_stack() loads certificates from the store URI, and adds their subject name to the already existing stack.


SSL_load_client_CA_file() reads a file of PEM formatted certificates and extracts the X509_NAMES of the certificates found. While the name suggests the specific usage as support function for SSL_CTX_set_client_CA_list(3), it is not limited to CA certificates.

Return Values

The following return values can occur:


The operation failed, check out the error stack for the reason.

Pointer to STACK_OF(X509_NAME)

Pointer to the subject names of the successfully read certificates.


Load names of CAs from file and use it as a client CA list:

 SSL_CTX *ctx;
 STACK_OF(X509_NAME) *cert_names;

 cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
 if (cert_names != NULL)
     SSL_CTX_set_client_CA_list(ctx, cert_names);
     /* error */

See Also

ssl(7), ossl_store(7), SSL_CTX_set_client_CA_list(3)


SSL_load_client_CA_file_ex() and SSL_add_store_cert_subjects_to_stack() were added in OpenSSL 3.0.

Referenced By

migration_guide.7ossl(7), SSL_CTX_set0_CA_list.3ossl(3).

The man pages SSL_add_dir_cert_subjects_to_stack.3ossl(3), SSL_add_file_cert_subjects_to_stack.3ossl(3), SSL_add_store_cert_subjects_to_stack.3ossl(3) and SSL_load_client_CA_file_ex.3ossl(3) are aliases of SSL_load_client_CA_file.3ossl(3).

2023-03-21 3.0.8 OpenSSL