81 lines
2.4 KiB
Plaintext
81 lines
2.4 KiB
Plaintext
|
=pod
|
||
|
|
||
|
=head1 NAME
|
||
|
|
||
|
SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
|
||
|
extra chain certificates
|
||
|
|
||
|
=head1 SYNOPSIS
|
||
|
|
||
|
#include <openssl/ssl.h>
|
||
|
|
||
|
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
|
||
|
long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
|
||
|
|
||
|
=head1 DESCRIPTION
|
||
|
|
||
|
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
|
||
|
certificates associated with B<ctx>. Several certificates can be added one
|
||
|
after another.
|
||
|
|
||
|
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
|
||
|
associated with B<ctx>.
|
||
|
|
||
|
These functions are implemented as macros.
|
||
|
|
||
|
=head1 NOTES
|
||
|
|
||
|
When sending a certificate chain, extra chain certificates are sent in order
|
||
|
following the end entity certificate.
|
||
|
|
||
|
If no chain is specified, the library will try to complete the chain from the
|
||
|
available CA certificates in the trusted CA storage, see
|
||
|
L<SSL_CTX_load_verify_locations(3)>.
|
||
|
|
||
|
The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
|
||
|
freed by the library when the B<SSL_CTX> is destroyed. An application
|
||
|
B<should not> free the B<x509> object.
|
||
|
|
||
|
=head1 RESTRICTIONS
|
||
|
|
||
|
Only one set of extra chain certificates can be specified per SSL_CTX
|
||
|
structure. Different chains for different certificates (for example if both
|
||
|
RSA and DSA certificates are specified by the same server) or different SSL
|
||
|
structures with the same parent SSL_CTX cannot be specified using this
|
||
|
function. For more flexibility functions such as SSL_add1_chain_cert() should
|
||
|
be used instead.
|
||
|
|
||
|
=head1 RETURN VALUES
|
||
|
|
||
|
SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
|
||
|
1 on success and 0 for failure. Check out the error stack to find out the
|
||
|
reason for failure.
|
||
|
|
||
|
=head1 SEE ALSO
|
||
|
|
||
|
L<ssl(7)>,
|
||
|
L<SSL_CTX_use_certificate(3)>,
|
||
|
L<SSL_CTX_set_client_cert_cb(3)>,
|
||
|
L<SSL_CTX_load_verify_locations(3)>
|
||
|
L<SSL_CTX_set0_chain(3)>
|
||
|
L<SSL_CTX_set1_chain(3)>
|
||
|
L<SSL_CTX_add0_chain_cert(3)>
|
||
|
L<SSL_CTX_add1_chain_cert(3)>
|
||
|
L<SSL_set0_chain(3)>
|
||
|
L<SSL_set1_chain(3)>
|
||
|
L<SSL_add0_chain_cert(3)>
|
||
|
L<SSL_add1_chain_cert(3)>
|
||
|
L<SSL_CTX_build_cert_chain(3)>
|
||
|
L<SSL_build_cert_chain(3)>
|
||
|
|
||
|
=head1 COPYRIGHT
|
||
|
|
||
|
Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
|
||
|
|
||
|
Licensed under the OpenSSL license (the "License"). You may not use
|
||
|
this file except in compliance with the License. You can obtain a copy
|
||
|
in the file LICENSE in the source distribution or at
|
||
|
L<https://www.openssl.org/source/license.html>.
|
||
|
|
||
|
=cut
|