4746f25ac6
[skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7829)
94 lines
3 KiB
Text
94 lines
3 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
SSL_CTX_add_extra_chain_cert,
|
|
SSL_CTX_get_extra_chain_certs,
|
|
SSL_CTX_get_extra_chain_certs_only,
|
|
SSL_CTX_clear_extra_chain_certs
|
|
- add, get or clear extra chain certificates
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/ssl.h>
|
|
|
|
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
|
|
long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
|
|
long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
|
|
long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
|
|
certificates associated with B<ctx>. Several certificates can be added one
|
|
after another.
|
|
|
|
SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
|
|
associated with B<ctx>, or the chain associated with the current certificate
|
|
of B<ctx> if the extra chain is empty.
|
|
The returned stack should not be freed by the caller.
|
|
|
|
SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
|
|
associated with B<ctx>.
|
|
The returned stack should not be freed by the caller.
|
|
|
|
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
|
|
associated with B<ctx>.
|
|
|
|
These functions are implemented as macros.
|
|
|
|
=head1 NOTES
|
|
|
|
When sending a certificate chain, extra chain certificates are sent in order
|
|
following the end entity certificate.
|
|
|
|
If no chain is specified, the library will try to complete the chain from the
|
|
available CA certificates in the trusted CA storage, see
|
|
L<SSL_CTX_load_verify_locations(3)>.
|
|
|
|
The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
|
|
freed by the library when the B<SSL_CTX> is destroyed. An application
|
|
B<should not> free the B<x509> object.
|
|
|
|
=head1 RESTRICTIONS
|
|
|
|
Only one set of extra chain certificates can be specified per SSL_CTX
|
|
structure. Different chains for different certificates (for example if both
|
|
RSA and DSA certificates are specified by the same server) or different SSL
|
|
structures with the same parent SSL_CTX cannot be specified using this
|
|
function. For more flexibility functions such as SSL_add1_chain_cert() should
|
|
be used instead.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
|
|
1 on success and 0 for failure. Check out the error stack to find out the
|
|
reason for failure.
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<ssl(7)>,
|
|
L<SSL_CTX_use_certificate(3)>,
|
|
L<SSL_CTX_set_client_cert_cb(3)>,
|
|
L<SSL_CTX_load_verify_locations(3)>
|
|
L<SSL_CTX_set0_chain(3)>
|
|
L<SSL_CTX_set1_chain(3)>
|
|
L<SSL_CTX_add0_chain_cert(3)>
|
|
L<SSL_CTX_add1_chain_cert(3)>
|
|
L<SSL_set0_chain(3)>
|
|
L<SSL_set1_chain(3)>
|
|
L<SSL_add0_chain_cert(3)>
|
|
L<SSL_add1_chain_cert(3)>
|
|
L<SSL_CTX_build_cert_chain(3)>
|
|
L<SSL_build_cert_chain(3)>
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|