]>
Commit | Line | Data |
---|---|---|
66ebbb6a LJ |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
2fd7fb99 DSH |
5 | SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear |
6 | extra chain certificates | |
66ebbb6a LJ |
7 | |
8 | =head1 SYNOPSIS | |
9 | ||
10 | #include <openssl/ssl.h> | |
11 | ||
2fd7fb99 DSH |
12 | long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); |
13 | long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); | |
66ebbb6a LJ |
14 | |
15 | =head1 DESCRIPTION | |
16 | ||
2fd7fb99 DSH |
17 | SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain |
18 | certificates associated with B<ctx>. Several certificates can be added one | |
19 | after another. | |
20 | ||
21 | SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates | |
22 | associated with B<ctx>. | |
23 | ||
24 | These functions are implemented as macros. | |
66ebbb6a LJ |
25 | |
26 | =head1 NOTES | |
27 | ||
2fd7fb99 DSH |
28 | When sending a certificate chain, extra chain certificates are sent in order |
29 | following the end entity certificate. | |
30 | ||
31 | If no chain is specified, the library will try to complete the chain from the | |
32 | available CA certificates in the trusted CA storage, see | |
9b86974e | 33 | L<SSL_CTX_load_verify_locations(3)>. |
66ebbb6a | 34 | |
2fd7fb99 DSH |
35 | The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be |
36 | freed by the library when the B<SSL_CTX> is destroyed. An application | |
37 | B<should not> free the B<x509> object. | |
0535c2d6 | 38 | |
eeb15452 DSH |
39 | =head1 RESTRICTIONS |
40 | ||
41 | Only one set of extra chain certificates can be specified per SSL_CTX | |
42 | structure. Different chains for different certificates (for example if both | |
43 | RSA and DSA certificates are specified by the same server) or different SSL | |
44 | structures with the same parent SSL_CTX cannot be specified using this | |
45 | function. For more flexibility functions such as SSL_add1_chain_cert() should | |
46 | be used instead. | |
47 | ||
66ebbb6a LJ |
48 | =head1 RETURN VALUES |
49 | ||
2fd7fb99 DSH |
50 | SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return |
51 | 1 on success and 0 for failure. Check out the error stack to find out the | |
52 | reason for failure. | |
66ebbb6a LJ |
53 | |
54 | =head1 SEE ALSO | |
55 | ||
b97fdb57 | 56 | L<ssl(7)>, |
9b86974e RS |
57 | L<SSL_CTX_use_certificate(3)>, |
58 | L<SSL_CTX_set_client_cert_cb(3)>, | |
59 | L<SSL_CTX_load_verify_locations(3)> | |
60 | L<SSL_CTX_set0_chain(3)> | |
61 | L<SSL_CTX_set1_chain(3)> | |
62 | L<SSL_CTX_add0_chain_cert(3)> | |
63 | L<SSL_CTX_add1_chain_cert(3)> | |
64 | L<SSL_set0_chain(3)> | |
65 | L<SSL_set1_chain(3)> | |
66 | L<SSL_add0_chain_cert(3)> | |
67 | L<SSL_add1_chain_cert(3)> | |
68 | L<SSL_CTX_build_cert_chain(3)> | |
69 | L<SSL_build_cert_chain(3)> | |
66ebbb6a | 70 | |
e2f92610 RS |
71 | =head1 COPYRIGHT |
72 | ||
73 | Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. | |
74 | ||
75 | Licensed under the OpenSSL license (the "License"). You may not use | |
76 | this file except in compliance with the License. You can obtain a copy | |
77 | in the file LICENSE in the source distribution or at | |
78 | L<https://www.openssl.org/source/license.html>. | |
79 | ||
80 | =cut |