Home Explore Help
Sign In
OWEALs
/
openssl
mirror of git://git.openssl.org/openssl.git
2
0
Fork 0
Files Issues 1 Wiki
Tree: f529b5cf05
Branches Tags
openssl
/
doc
/
man3
/
SSL_CTX_add_extra_chain_cert.pod

SSL_CTX_add_extra_chain_cert.pod 2.4 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. =pod
    2. 

  2. 

  3. =head1 NAME
    4. 

  4. 

  5. SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
    6. 

  6. extra chain certificates
    7. 

  7. 

  8. =head1 SYNOPSIS
    9. 

  9. 

  10.  #include <openssl/ssl.h>
    11. 

  11. 

  12.  long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
    13. 

  13.  long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
    14. 

  14. 

  15. =head1 DESCRIPTION
    16. 

  16. 

  17. SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
    18. 

  18. certificates associated with B<ctx>. Several certificates can be added one
    19. 

  19. after another.
    20. 

  20. 

  21. SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
    22. 

  22. associated with B<ctx>.
    23. 

  23. 

  24. These functions are implemented as macros.
    25. 

  25. 

  26. =head1 NOTES
    27. 

  27. 

  28. When sending a certificate chain, extra chain certificates are sent in order
    29. 

  29. following the end entity certificate.
    30. 

  30. 

  31. If no chain is specified, the library will try to complete the chain from the
    32. 

  32. available CA certificates in the trusted CA storage, see
    33. 

  33. L<SSL_CTX_load_verify_locations(3)>.
    34. 

  34. 

  35. The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
    36. 

  36. freed by the library when the B<SSL_CTX> is destroyed. An application
    37. 

  37. B<should not> free the B<x509> object.
    38. 

  38. 

  39. =head1 RESTRICTIONS
    40. 

  40. 

  41. Only one set of extra chain certificates can be specified per SSL_CTX
    42. 

  42. structure. Different chains for different certificates (for example if both
    43. 

  43. RSA and DSA certificates are specified by the same server) or different SSL
    44. 

  44. structures with the same parent SSL_CTX cannot be specified using this
    45. 

  45. function. For more flexibility functions such as SSL_add1_chain_cert() should
    46. 

  46. be used instead.
    47. 

  47. 

  48. =head1 RETURN VALUES
    49. 

  49. 

  50. SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
    51. 

  51. 1 on success and 0 for failure. Check out the error stack to find out the
    52. 

  52. reason for failure.
    53. 

  53. 

  54. =head1 SEE ALSO
    55. 

  55. 

  56. L<ssl(7)>,
    57. 

  57. L<SSL_CTX_use_certificate(3)>,
    58. 

  58. L<SSL_CTX_set_client_cert_cb(3)>,
    59. 

  59. L<SSL_CTX_load_verify_locations(3)>
    60. 

  60. L<SSL_CTX_set0_chain(3)>
    61. 

  61. L<SSL_CTX_set1_chain(3)>
    62. 

  62. L<SSL_CTX_add0_chain_cert(3)>
    63. 

  63. L<SSL_CTX_add1_chain_cert(3)>
    64. 

  64. L<SSL_set0_chain(3)>
    65. 

  65. L<SSL_set1_chain(3)>
    66. 

  66. L<SSL_add0_chain_cert(3)>
    67. 

  67. L<SSL_add1_chain_cert(3)>
    68. 

  68. L<SSL_CTX_build_cert_chain(3)>
    69. 

  69. L<SSL_build_cert_chain(3)>
    70. 

  70. 

  71. =head1 COPYRIGHT
    72. 

  72. 

  73. Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
    74. 

  74. 

  75. Licensed under the OpenSSL license (the "License").  You may not use
    76. 

  76. this file except in compliance with the License.  You can obtain a copy
    77. 

  77. in the file LICENSE in the source distribution or at
    78. 

  78. L<https://www.openssl.org/source/license.html>.
    79. 

  79. 

  80. =cut
    81.