SSL_CTX_add_extra_chain_cert.pod

Last change on this file was 108206, checked in by vboxsync, 3 months ago
openssl-3.3.2: Exported all files to OSE and removed .scm-settings bugref:10757
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 3.0 KB

Line
1	=pod
2
3	=head1 NAME
4
5	SSL_CTX_add_extra_chain_cert,
6	SSL_CTX_get_extra_chain_certs,
7	SSL_CTX_get_extra_chain_certs_only,
8	SSL_CTX_clear_extra_chain_certs
9	- add, get or clear extra chain certificates
10
11	=head1 SYNOPSIS
12
13	#include <openssl/ssl.h>
14
15	long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 x509);
16	long SSL_CTX_get_extra_chain_certs(SSL_CTX ctx, STACK_OF(X509) *sk);
17	long SSL_CTX_get_extra_chain_certs_only(SSL_CTX ctx, STACK_OF(X509) *sk);
18	long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
19
20	=head1 DESCRIPTION
21
22	SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
23	certificates associated with B<ctx>. Several certificates can be added one
24	after another.
25
26	SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
27	associated with B<ctx>, or the chain associated with the current certificate
28	of B<ctx> if the extra chain is empty.
29	The returned stack should not be freed by the caller.
30
31	SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
32	associated with B<ctx>.
33	The returned stack should not be freed by the caller.
34
35	SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
36	associated with B<ctx>.
37
38	These functions are implemented as macros.
39
40	=head1 NOTES
41
42	When sending a certificate chain, extra chain certificates are sent in order
43	following the end entity certificate.
44
45	If no chain is specified, the library will try to complete the chain from the
46	available CA certificates in the trusted CA storage, see
47	L<SSL_CTX_load_verify_locations(3)>.
48
49	The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
50	freed by the library when the B<SSL_CTX> is destroyed. An application
51	B<should not> free the B<x509> object.
52
53	=head1 RESTRICTIONS
54
55	Only one set of extra chain certificates can be specified per SSL_CTX
56	structure. Different chains for different certificates (for example if both
57	RSA and DSA certificates are specified by the same server) or different SSL
58	structures with the same parent SSL_CTX cannot be specified using this
59	function. For more flexibility functions such as SSL_add1_chain_cert() should
60	be used instead.
61
62	=head1 RETURN VALUES
63
64	SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
65	1 on success and 0 for failure. Check out the error stack to find out the
66	reason for failure.
67
68	=head1 SEE ALSO
69
70	L<ssl(7)>,
71	L<SSL_CTX_use_certificate(3)>,
72	L<SSL_CTX_set_client_cert_cb(3)>,
73	L<SSL_CTX_load_verify_locations(3)>
74	L<SSL_CTX_set0_chain(3)>
75	L<SSL_CTX_set1_chain(3)>
76	L<SSL_CTX_add0_chain_cert(3)>
77	L<SSL_CTX_add1_chain_cert(3)>
78	L<SSL_set0_chain(3)>
79	L<SSL_set1_chain(3)>
80	L<SSL_add0_chain_cert(3)>
81	L<SSL_add1_chain_cert(3)>
82	L<SSL_CTX_build_cert_chain(3)>
83	L<SSL_build_cert_chain(3)>
84
85	=head1 COPYRIGHT
86
87	Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
88
89	Licensed under the Apache License 2.0 (the "License"). You may not use
90	this file except in compliance with the License. You can obtain a copy
91	in the file LICENSE in the source distribution or at
92	L<https://www.openssl.org/source/license.html>.
93
94	=cut

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.3.2/doc/man3/SSL_CTX_add_extra_chain_cert.pod

Download in other formats: