]> git.ipfire.org Git - thirdparty/openssl.git/blame - doc/man3/SSL_CTX_add_extra_chain_cert.pod
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix typo in CONTRIBUTING.md
[thirdparty/openssl.git] / doc / man3 / SSL_CTX_add_extra_chain_cert.pod
CommitLineData
66ebbb6a
LJ		 1=pod
2
3=head1 NAME
4
dc703d6b
AS		 5SSL_CTX_add_extra_chain_cert,
6SSL_CTX_get_extra_chain_certs,
7SSL_CTX_get_extra_chain_certs_only,
8SSL_CTX_clear_extra_chain_certs
9- add, get or clear extra chain certificates
66ebbb6a
LJ		 10
11=head1 SYNOPSIS
12
13 #include <openssl/ssl.h>
14
2fd7fb99 15 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
dc703d6b
AS		 16 long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
17 long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
2fd7fb99 18 long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
66ebbb6a
LJ		 19
20=head1 DESCRIPTION
21
2fd7fb99
DSH		 22SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
23certificates associated with B<ctx>. Several certificates can be added one
24after another.
25
dc703d6b
AS		 26SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
27associated with B<ctx>, or the chain associated with the current certificate
28of B<ctx> if the extra chain is empty.
495a1e5c 29The returned stack should not be freed by the caller.
dc703d6b
AS		 30
31SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
32associated with B<ctx>.
495a1e5c 33The returned stack should not be freed by the caller.
dc703d6b 34
2fd7fb99
DSH		 35SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
36associated with B<ctx>.
37
38These functions are implemented as macros.
66ebbb6a
LJ		 39
40=head1 NOTES
41
2fd7fb99
DSH		 42When sending a certificate chain, extra chain certificates are sent in order
43following the end entity certificate.
44
45If no chain is specified, the library will try to complete the chain from the
46available CA certificates in the trusted CA storage, see
9b86974e 47L<SSL_CTX_load_verify_locations(3)>.
66ebbb6a 48
2fd7fb99
DSH		 49The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
50freed by the library when the B<SSL_CTX> is destroyed. An application
51B<should not> free the B<x509> object.
0535c2d6 52
eeb15452
DSH		 53=head1 RESTRICTIONS
54
55Only one set of extra chain certificates can be specified per SSL_CTX
56structure. Different chains for different certificates (for example if both
57RSA and DSA certificates are specified by the same server) or different SSL
58structures with the same parent SSL_CTX cannot be specified using this
59function. For more flexibility functions such as SSL_add1_chain_cert() should
60be used instead.
61
66ebbb6a
LJ		 62=head1 RETURN VALUES
63
2fd7fb99
DSH		 64SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
651 on success and 0 for failure. Check out the error stack to find out the
66reason for failure.
66ebbb6a
LJ		 67
68=head1 SEE ALSO
69
b97fdb57 70L<ssl(7)>,
9b86974e
RS		 71L<SSL_CTX_use_certificate(3)>,
72L<SSL_CTX_set_client_cert_cb(3)>,
73L<SSL_CTX_load_verify_locations(3)>
74L<SSL_CTX_set0_chain(3)>
75L<SSL_CTX_set1_chain(3)>
76L<SSL_CTX_add0_chain_cert(3)>
77L<SSL_CTX_add1_chain_cert(3)>
78L<SSL_set0_chain(3)>
79L<SSL_set1_chain(3)>
80L<SSL_add0_chain_cert(3)>
81L<SSL_add1_chain_cert(3)>
82L<SSL_CTX_build_cert_chain(3)>
83L<SSL_build_cert_chain(3)>
66ebbb6a 84
e2f92610
RS		 85=head1 COPYRIGHT
86
dc703d6b 87Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
e2f92610 88
4746f25a 89Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610
RS		 90this file except in compliance with the License. You can obtain a copy
91in the file LICENSE in the source distribution or at
92L<https://www.openssl.org/source/license.html>.
93
94=cut
A mirror of the official openssl repository