#include
void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
int pem_passwd_cb(char *buf, int size, int rwflag, void *userdata);
_S_S_L___C_T_X___s_e_t___d_e_f_a_u_l_t___p_a_s_s_w_d___c_b___u_s_e_r_d_a_t_a_(_) sets a pointer to uusseerrddaattaa which will be provided to the password callback on invocation.
The _p_e_m___p_a_s_s_w_d___c_b_(_), which must be provided by the application, hands back the password to be used during decryption. On invocation a pointer to uusseerrddaattaa is provided. The pem_passwd_cb must write the password into the provided buffer bbuuff which is of size ssiizzee. The actual length of the password must be returned to the calling function. rrwwffllaagg indicates whether the callback is used for reading/decryption (rwflag=0) or writing/encryption (rwflag=1).
When asking for the password interactively, _p_e_m___p_a_s_s_w_d___c_b_(_) can use rrwwffllaagg to check, whether an item shall be encrypted (rwflag=1). In this case the password dialog may ask for the same password twice for comparison in order to catch typos, that would make decryption impossible.
Other items in PEM formatting (certificates) can also be encrypted, it is however not usual, as certificate information is considered public.
int pem_passwd_cb(char *buf, int size, int rwflag, void *password)
{
strncpy(buf, (char *)(password), size);
buf[size - 1] = '\0';
return(strlen(buf));
}