openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
Jeffrey Walton 0535c2d67c Clarify docs.
Document that the certificate passed to SSL_CTX_add_extra_chain_cert()
should not be freed by the application.

PR#3409
2014-06-27 16:39:11 +01:00

60 lines
2.1 KiB
Text

=pod
=head1 NAME
SSL_CTX_add_extra_chain_cert - add certificate to chain
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509)
=head1 DESCRIPTION
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate
chain presented together with the certificate. Several certificates
can be added one after the other.
=head1 NOTES
When constructing the certificate chain, the chain will be formed from
these certificates explicitly specified. If no chain is specified,
the library will try to complete the chain from the available CA
certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object.
=head1 RESTRICTIONS
Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if both
RSA and DSA certificates are specified by the same server) or different SSL
structures with the same parent SSL_CTX cannot be specified using this
function. For more flexibility functions such as SSL_add1_chain_cert() should
be used instead.
=head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the
error stack to find out the reason for failure otherwise.
=head1 SEE ALSO
L<ssl(3)|ssl(3)>,
L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)>
L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)>
L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)>
L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>
L<SSL_set0_chain(3)|SSL_set0_chain(3)>
L<SSL_set1_chain(3)|SSL_set1_chain(3)>
L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)>
L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>
L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)>
L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)>
=cut