openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
Rich Salz 9b86974e0c Fix L<> content in manpages
L<foo|foo> is sub-optimal  If the xref is the same as the title,
which is what we do, then you only need L<foo>.  This fixes all
1457 occurrences in 349 files.  Approximately.  (And pod used to
need both.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-08-21 15:11:50 -04:00

71 lines
2 KiB
Text

=pod
=head1 NAME
SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
extra chain certificates
=head1 SYNOPSIS
#include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
=head1 DESCRIPTION
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
certificates associated with B<ctx>. Several certificates can be added one
after another.
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
associated with B<ctx>.
These functions are implemented as macros.
=head1 NOTES
When sending a certificate chain, extra chain certificates are sent in order
following the end entity certificate.
If no chain is specified, the library will try to complete the chain from the
available CA certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)>.
The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the B<SSL_CTX> is destroyed. An application
B<should not> free the B<x509> object.
=head1 RESTRICTIONS
Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if both
RSA and DSA certificates are specified by the same server) or different SSL
structures with the same parent SSL_CTX cannot be specified using this
function. For more flexibility functions such as SSL_add1_chain_cert() should
be used instead.
=head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
1 on success and 0 for failure. Check out the error stack to find out the
reason for failure.
=head1 SEE ALSO
L<ssl(3)>,
L<SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_client_cert_cb(3)>,
L<SSL_CTX_load_verify_locations(3)>
L<SSL_CTX_set0_chain(3)>
L<SSL_CTX_set1_chain(3)>
L<SSL_CTX_add0_chain_cert(3)>
L<SSL_CTX_add1_chain_cert(3)>
L<SSL_set0_chain(3)>
L<SSL_set1_chain(3)>
L<SSL_add0_chain_cert(3)>
L<SSL_add1_chain_cert(3)>
L<SSL_CTX_build_cert_chain(3)>
L<SSL_build_cert_chain(3)>
=cut