[thirdparty/openssl.git] / doc / man3 / SSL_CTX_add_extra_chain_cert.pod

=pod

=head1 NAME

SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
extra chain certificates

=head1 SYNOPSIS

 #include <openssl/ssl.h>

 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
 long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);

=head1 DESCRIPTION

SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
certificates associated with B<ctx>. Several certificates can be added one
after another.

SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
associated with B<ctx>.

These functions are implemented as macros.

=head1 NOTES

When sending a certificate chain, extra chain certificates are sent in order
following the end entity certificate.

If no chain is specified, the library will try to complete the chain from the
available CA certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)>.

The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the B<SSL_CTX> is destroyed. An application
B<should not> free the B<x509> object.

=head1 RESTRICTIONS

Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if both
RSA and DSA certificates are specified by the same server) or different SSL
structures with the same parent SSL_CTX cannot be specified using this
function. For more flexibility functions such as SSL_add1_chain_cert() should
be used instead.

=head1 RETURN VALUES

SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
1 on success and 0 for failure. Check out the error stack to find out the
reason for failure.

=head1 SEE ALSO

L<ssl(7)>,
L<SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_client_cert_cb(3)>,
L<SSL_CTX_load_verify_locations(3)>
L<SSL_CTX_set0_chain(3)>
L<SSL_CTX_set1_chain(3)>
L<SSL_CTX_add0_chain_cert(3)>
L<SSL_CTX_add1_chain_cert(3)>
L<SSL_set0_chain(3)>
L<SSL_set1_chain(3)>
L<SSL_add0_chain_cert(3)>
L<SSL_add1_chain_cert(3)>
L<SSL_CTX_build_cert_chain(3)>
L<SSL_build_cert_chain(3)>

=head1 COPYRIGHT

Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
66ebbb6a LJ	1	=pod
	2
	3	=head1 NAME
	4
2fd7fb99 DSH	5	SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
2fd7fb99 DSH	6	extra chain certificates
66ebbb6a LJ	7
	8	=head1 SYNOPSIS
	9
	10	#include <openssl/ssl.h>
	11
2fd7fb99 DSH	12	long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 x509);
2fd7fb99 DSH	13	long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
66ebbb6a LJ	14
	15	=head1 DESCRIPTION
	16
2fd7fb99 DSH	17	SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
	18	certificates associated with B<ctx>. Several certificates can be added one
	19	after another.
	20
	21	SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
	22	associated with B<ctx>.
	23
	24	These functions are implemented as macros.
66ebbb6a LJ	25
	26	=head1 NOTES
	27
2fd7fb99 DSH	28	When sending a certificate chain, extra chain certificates are sent in order
	29	following the end entity certificate.
	30
	31	If no chain is specified, the library will try to complete the chain from the
	32	available CA certificates in the trusted CA storage, see
9b86974e	33	L<SSL_CTX_load_verify_locations(3)>.
66ebbb6a	34
2fd7fb99 DSH	35	The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
	36	freed by the library when the B<SSL_CTX> is destroyed. An application
	37	B<should not> free the B<x509> object.
0535c2d6	38
eeb15452 DSH	39	=head1 RESTRICTIONS
	40
	41	Only one set of extra chain certificates can be specified per SSL_CTX
	42	structure. Different chains for different certificates (for example if both
	43	RSA and DSA certificates are specified by the same server) or different SSL
	44	structures with the same parent SSL_CTX cannot be specified using this
	45	function. For more flexibility functions such as SSL_add1_chain_cert() should
	46	be used instead.
	47
66ebbb6a LJ	48	=head1 RETURN VALUES
66ebbb6a LJ	49
2fd7fb99 DSH	50	SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
	51	1 on success and 0 for failure. Check out the error stack to find out the
	52	reason for failure.
66ebbb6a LJ	53
	54	=head1 SEE ALSO
	55
b97fdb57	56	L<ssl(7)>,
9b86974e RS	57	L<SSL_CTX_use_certificate(3)>,
	58	L<SSL_CTX_set_client_cert_cb(3)>,
	59	L<SSL_CTX_load_verify_locations(3)>
	60	L<SSL_CTX_set0_chain(3)>
	61	L<SSL_CTX_set1_chain(3)>
	62	L<SSL_CTX_add0_chain_cert(3)>
	63	L<SSL_CTX_add1_chain_cert(3)>
	64	L<SSL_set0_chain(3)>
	65	L<SSL_set1_chain(3)>
	66	L<SSL_add0_chain_cert(3)>
	67	L<SSL_add1_chain_cert(3)>
	68	L<SSL_CTX_build_cert_chain(3)>
	69	L<SSL_build_cert_chain(3)>
66ebbb6a	70
e2f92610 RS	71	=head1 COPYRIGHT
	72
	73	Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
	74
	75	Licensed under the OpenSSL license (the "License"). You may not use
	76	this file except in compliance with the License. You can obtain a copy
	77	in the file LICENSE in the source distribution or at
	78	L<https://www.openssl.org/source/license.html>.
	79
	80	=cut