]>
Commit | Line | Data |
---|---|---|
66ebbb6a LJ |
1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
dc703d6b AS |
5 | SSL_CTX_add_extra_chain_cert, |
6 | SSL_CTX_get_extra_chain_certs, | |
7 | SSL_CTX_get_extra_chain_certs_only, | |
8 | SSL_CTX_clear_extra_chain_certs | |
9 | - add, get or clear extra chain certificates | |
66ebbb6a LJ |
10 | |
11 | =head1 SYNOPSIS | |
12 | ||
13 | #include <openssl/ssl.h> | |
14 | ||
2fd7fb99 | 15 | long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); |
dc703d6b AS |
16 | long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk); |
17 | long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk); | |
2fd7fb99 | 18 | long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); |
66ebbb6a LJ |
19 | |
20 | =head1 DESCRIPTION | |
21 | ||
2fd7fb99 DSH |
22 | SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain |
23 | certificates associated with B<ctx>. Several certificates can be added one | |
24 | after another. | |
25 | ||
dc703d6b AS |
26 | SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates |
27 | associated with B<ctx>, or the chain associated with the current certificate | |
28 | of B<ctx> if the extra chain is empty. | |
495a1e5c | 29 | The returned stack should not be freed by the caller. |
dc703d6b AS |
30 | |
31 | SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates | |
32 | associated with B<ctx>. | |
495a1e5c | 33 | The returned stack should not be freed by the caller. |
dc703d6b | 34 | |
2fd7fb99 DSH |
35 | SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates |
36 | associated with B<ctx>. | |
37 | ||
38 | These functions are implemented as macros. | |
66ebbb6a LJ |
39 | |
40 | =head1 NOTES | |
41 | ||
2fd7fb99 DSH |
42 | When sending a certificate chain, extra chain certificates are sent in order |
43 | following the end entity certificate. | |
44 | ||
45 | If no chain is specified, the library will try to complete the chain from the | |
46 | available CA certificates in the trusted CA storage, see | |
9b86974e | 47 | L<SSL_CTX_load_verify_locations(3)>. |
66ebbb6a | 48 | |
2fd7fb99 DSH |
49 | The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be |
50 | freed by the library when the B<SSL_CTX> is destroyed. An application | |
51 | B<should not> free the B<x509> object. | |
0535c2d6 | 52 | |
eeb15452 DSH |
53 | =head1 RESTRICTIONS |
54 | ||
55 | Only one set of extra chain certificates can be specified per SSL_CTX | |
56 | structure. Different chains for different certificates (for example if both | |
57 | RSA and DSA certificates are specified by the same server) or different SSL | |
58 | structures with the same parent SSL_CTX cannot be specified using this | |
59 | function. For more flexibility functions such as SSL_add1_chain_cert() should | |
60 | be used instead. | |
61 | ||
66ebbb6a LJ |
62 | =head1 RETURN VALUES |
63 | ||
2fd7fb99 DSH |
64 | SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return |
65 | 1 on success and 0 for failure. Check out the error stack to find out the | |
66 | reason for failure. | |
66ebbb6a LJ |
67 | |
68 | =head1 SEE ALSO | |
69 | ||
b97fdb57 | 70 | L<ssl(7)>, |
9b86974e RS |
71 | L<SSL_CTX_use_certificate(3)>, |
72 | L<SSL_CTX_set_client_cert_cb(3)>, | |
73 | L<SSL_CTX_load_verify_locations(3)> | |
74 | L<SSL_CTX_set0_chain(3)> | |
75 | L<SSL_CTX_set1_chain(3)> | |
76 | L<SSL_CTX_add0_chain_cert(3)> | |
77 | L<SSL_CTX_add1_chain_cert(3)> | |
78 | L<SSL_set0_chain(3)> | |
79 | L<SSL_set1_chain(3)> | |
80 | L<SSL_add0_chain_cert(3)> | |
81 | L<SSL_add1_chain_cert(3)> | |
82 | L<SSL_CTX_build_cert_chain(3)> | |
83 | L<SSL_build_cert_chain(3)> | |
66ebbb6a | 84 | |
e2f92610 RS |
85 | =head1 COPYRIGHT |
86 | ||
dc703d6b | 87 | Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 RS |
88 | |
89 | Licensed under the OpenSSL license (the "License"). You may not use | |
90 | this file except in compliance with the License. You can obtain a copy | |
91 | in the file LICENSE in the source distribution or at | |
92 | L<https://www.openssl.org/source/license.html>. | |
93 | ||
94 | =cut |