openssl/doc/man7/ossl_store-file.pod

=pod

=begin comment

This is a recommended way to describe OSSL_STORE loaders,
"ossl_store-{name}", where {name} is replaced with the name of the
scheme it implements, in man section 7.

=end comment

=head1 NAME

ossl_store-file - The store 'file' scheme loader

=head1 SYNOPSIS

=for comment generic

#include <openssl/store.h>

=head1 DESCRIPTION

Support for the 'file' scheme is built into C<libcrypto>.
Since files come in all kinds of formats and content types, the 'file'
scheme has its own layer of functionality called "file handlers",
which are used to try to decode diverse types of file contents.

In case a file is formatted as PEM, each called file handler receives
the PEM name (everything following any 'C<-----BEGIN >') as well as
possible PEM headers, together with the decoded PEM body.  Since PEM
formatted files can contain more than one object, the file handlers
are called upon for each such object.

If the file isn't determined to be formatted as PEM, the content is
loaded in raw form in its entirety and passed to the available file
handlers as is, with no PEM name or headers.

Each file handler is expected to handle PEM and non-PEM content as
appropriate.  Some may refuse non-PEM content for the sake of
determinism (for example, there are keys out in the wild that are
represented as an ASN.1 OCTET STRING.  In raw form, it's not easily
possible to distinguish those from any other data coming as an ASN.1
OCTET STRING, so such keys would naturally be accepted as PEM files
only).

=head1 NOTES

When needed, the 'file' scheme loader will require a pass phrase by
using the C<UI_METHOD> that was passed via OSSL_STORE_open().
This pass phrase is expected to be UTF-8 encoded, anything else will
give an undefined result.
The files made accessible through this loader are expected to be
standard compliant with regards to pass phrase encoding.
Files that aren't should be re-generated with a correctly encoded pass
phrase.
See L<passphrase-encoding(7)> for more information.

=head1 SEE ALSO

L<ossl_store(7)>, L<passphrase-encoding(7)>

=head1 COPYRIGHT

Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
STORE: split off the description of the 'file' scheme loader This includes a quick recommendation on how to name loader docmentation. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6350) 2018-05-25 02:44:45 +08:00			`=pod`

			`=begin comment`

			`This is a recommended way to describe OSSL_STORE loaders,`
			`"ossl_store-{name}", where {name} is replaced with the name of the`
			`scheme it implements, in man section 7.`

			`=end comment`

			`=head1 NAME`

			`ossl_store-file - The store 'file' scheme loader`

			`=head1 SYNOPSIS`

			`=for comment generic`

			`#include <openssl/store.h>`

			`=head1 DESCRIPTION`

			`Support for the 'file' scheme is built into C<libcrypto>.`
			`Since files come in all kinds of formats and content types, the 'file'`
			`scheme has its own layer of functionality called "file handlers",`
			`which are used to try to decode diverse types of file contents.`

			`In case a file is formatted as PEM, each called file handler receives`
			`the PEM name (everything following any 'C<-----BEGIN >') as well as`
			`possible PEM headers, together with the decoded PEM body. Since PEM`
			`formatted files can contain more than one object, the file handlers`
			`are called upon for each such object.`

			`If the file isn't determined to be formatted as PEM, the content is`
			`loaded in raw form in its entirety and passed to the available file`
			`handlers as is, with no PEM name or headers.`

			`Each file handler is expected to handle PEM and non-PEM content as`
			`appropriate. Some may refuse non-PEM content for the sake of`
			`determinism (for example, there are keys out in the wild that are`
			`represented as an ASN.1 OCTET STRING. In raw form, it's not easily`
			`possible to distinguish those from any other data coming as an ASN.1`
			`OCTET STRING, so such keys would naturally be accepted as PEM files`
			`only).`

			`=head1 NOTES`

			`When needed, the 'file' scheme loader will require a pass phrase by`
			`using the C<UI_METHOD> that was passed via OSSL_STORE_open().`
Document UTF-8 expectation for pass phrases passed to OSSL_STORE After some discussion, it was concluded that the better idea is to stipulate that the pass phrases passed to the OSSL_STORE API are expected to be UTF-8 encoded, and that all objects made accessible through OSSL_STORE URIs should adhere to this expectation (at the discretion of the loaders). Email ref: https://mta.openssl.org/pipermail/openssl-project/2018-June/000771.html Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6416) 2018-06-05 21:58:43 +08:00			`This pass phrase is expected to be UTF-8 encoded, anything else will`
			`give an undefined result.`
			`The files made accessible through this loader are expected to be`
			`standard compliant with regards to pass phrase encoding.`
			`Files that aren't should be re-generated with a correctly encoded pass`
			`phrase.`
STORE: split off the description of the 'file' scheme loader This includes a quick recommendation on how to name loader docmentation. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6350) 2018-05-25 02:44:45 +08:00			`See L<passphrase-encoding(7)> for more information.`

			`=head1 SEE ALSO`

			`L<ossl_store(7)>, L<passphrase-encoding(7)>`

			`=head1 COPYRIGHT`

			`Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.`

			`Licensed under the OpenSSL license (the "License"). You may not use`
			`this file except in compliance with the License. You can obtain a copy`
			`in the file LICENSE in the source distribution or at`
			`L<https://www.openssl.org/source/license.html>.`

			`=cut`