SYNOPSIS
- ok, err, errcode = ssl:loadCAData(data)
- ok, err, errcode = ssl:loadCAFile(filename)
- ok, err, errcode = ssl:loadCADir(path)
- info = ssl:getCAInfo()
DESCRIPTION
The certificate authority list contains certificates that can be used to verify the authenticity of a peer. If the context is configured to require peer authentication (see ssl:setVerify()), the peer's certificate is checked against this list, and the peer is accepted only if a match is found.
The certificate authority list data is public and does not need to be kept secure.
The system can load certificates in X509 PEM or BER format.
Loading a list of certificates is completely optional. If no list is loaded, peers cannot be authenticated. Not loading a list is common for web servers.
The function ssl:loadCAData() loads the certificate from the data passed in a string variable.
The second function, ssl:loadCAFile(), instead loads the certificate directly from a file.
The third function, ssl:loadCADir(), scans a directory and all of its subdirectories for certificate files and loads every one it can parse.
All loading functions can be called multiple times; each certificate is appended to the internal list.
The query function ssl:getCAInfo() returns some basic information about each loaded certificate.
RETURN VALUE
The loading functions ssl:loadCAData() and ssl:loadCAFile() return true on success.
In case of an error they return three values: nil, a string describing the error, and a negative error code from the underlying mbed TLS implementation.
The directory scanning function ssl:loadCADir() returns true on success. If there were errors but at least one certificate was successfully loaded, it returns a number indicating how many certificates were in error. If no certificate could be loaded, it returns the same error triplet as above.
The info function ssl:getCAInfo() returns a nested table listing all loaded certificates.
info = { { ... certificate 1 data ... }, { ... certificate 2 data ... }, ... }
Each entry is a nested table with the following key/value pairs:
valid_from | The earliest date that the certificate is valid |
valid_to | The latest date that the certificate is valid |
serial | The serial number of the certificate |
issuer | Information about the certificate issuer, see below |
subject | Information about the certificate subject, see below |
The fields issuer and subject are nested tables with more information. The fields listed below may be present; the table only contains an entry for a field when the certificate actually carries that data. The table may contain additional items if the certificate has further attributes; such extra items are listed under their hexadecimal tag code.
CN | Common Name |
O | Organization |
OU | Organizational Unit |
L | Location |
S | State/Province |
C | Country |
R | Email address |
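The following Lua snippet is an added example and not part of the original manual page. It assumes a variable `ssl` already holds an SSL context object exposing the functions documented above; the PEM text, the file path and the directory path are placeholders. It shows how to handle each of the three return shapes (true, an error count, or the nil/message/code triplet) and how to walk the table returned by ssl:getCAInfo(), including the extra attributes keyed by hexadecimal tag code.

```lua
-- Added example; assumes `ssl` is an existing SSL context object with the
-- loadCAData/loadCAFile/loadCADir/getCAInfo methods described on this page.

-- Load trust anchors from a string, a file and a directory, treating each
-- documented return shape explicitly.
local function loadCAs(ssl)
    -- 1. A PEM certificate embedded as a string (placeholder contents).
    local pem = [[
-----BEGIN CERTIFICATE-----
... base64 certificate body goes here (placeholder) ...
-----END CERTIFICATE-----
]]
    local ok, err, errcode = ssl:loadCAData(pem)
    if not ok then
        -- errcode is a negative mbed TLS code; keep it in the message for diagnostics
        return nil, string.format("loadCAData failed: %s (%d)", err, errcode)
    end

    -- 2. A single CA bundle file (placeholder path).
    ok, err, errcode = ssl:loadCAFile("/path/to/trusted-ca.pem")
    if not ok then
        return nil, string.format("loadCAFile failed: %s (%d)", err, errcode)
    end

    -- 3. A directory tree (placeholder path). The result is true, a count of
    --    certificates that failed to load, or the nil/err/errcode triplet.
    local res, derr, dcode = ssl:loadCADir("/path/to/ca-dir")
    if res == true then
        return true
    elseif type(res) == "number" then
        -- partial success: some files were appended, `res` of them were rejected
        io.stderr:write(string.format(
            "warning: %d certificate(s) in directory failed to load\n", res))
        return true
    else
        return nil, string.format("loadCADir failed: %s (%d)", derr, dcode)
    end
end

-- Fields the page documents for issuer/subject; anything else is an
-- extra attribute reported under its hexadecimal tag code.
local KNOWN_FIELDS = { CN = true, O = true, OU = true, L = true,
                       S = true, C = true, R = true }

-- Print one line per loaded certificate so the trust store can be audited.
local function dumpCAInfo(ssl)
    local info = ssl:getCAInfo()
    for i, cert in ipairs(info) do
        local subject = cert.subject or {}
        local issuer  = cert.issuer  or {}
        print(string.format(
            "[%d] subject CN=%s O=%s | issuer CN=%s | serial=%s | valid %s .. %s",
            i, subject.CN or "?", subject.O or "?", issuer.CN or "?",
            tostring(cert.serial), tostring(cert.valid_from), tostring(cert.valid_to)))
        for tag, value in pairs(subject) do
            if not KNOWN_FIELDS[tag] then
                print("    extra subject attribute " .. tag .. " = " .. tostring(value))
            end
        end
    end
    return #info
end

local ok, msg = loadCAs(ssl)
if not ok then
    error(msg)
end
print(dumpCAInfo(ssl) .. " certificate(s) in the CA list")
```

Because every loading call appends to the same internal list, the dump at the end is the easiest way to confirm that only the intended trust anchors ended up in the store; a directory scan in particular will pull in every parseable certificate under the path, so reviewing the printed subjects before calling ssl:setVerify() is a cheap sanity check.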