Pike v8.1 release 6

Method SSL.Context()->add_cert()


Method add_cert

void add_cert(Crypto.Sign.State key, array(string(8bit)) certs, array(string(8bit))|void extra_name_globs)
variant void add_cert(string(8bit) key, array(string(8bit)) certs, array(string(8bit))|void extra_name_globs)
variant void add_cert(CertificatePair cp)

Description

Add a certificate.

This function is used on both servers and clients to add a key and chain of certificates to the set of certificate candidates to use in find_cert().

On a server these are used in the normal initial handshake, while on a client they are only used if a server requests client certificate authentication.

Parameter key

Private key matching the first certificate in certs.

Supported key types are currently:

Crypto.RSA.State

Rivest-Shamir-Adelman.

Crypto.DSA.State

Digital Signing Algorithm.

Crypto.ECC.Curve.ECDSA

Elliptic Curve Digital Signing Algorithm.

This key MUST match the public key in the first certificate in certs.

Parameter certs

A chain of X509.v1 or X509.v3 certificates, with the local certificate first and root-most certificate last.

Parameter extra_name_globs

Further SNI globs (than the ones in the first certificate), that this certificate should be selected for. Typically used to set the default certificate(s) by specifying ({ "*" }).

The SNI globs are only relevant for server-side certificates.

Parameter cp

An alternative is to send an initialized CertificatePair.

Throws

The function performs various validations of the key and certs, and throws errors if the validation fails.

See also

find_cert()