172613Skris=pod 272613Skris 372613Skris=head1 NAME 472613Skris 5291719SjkimSSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear 6291719Sjkimextra chain certificates 772613Skris 872613Skris=head1 SYNOPSIS 972613Skris 1072613Skris #include <openssl/ssl.h> 1172613Skris 12291719Sjkim long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); 13291719Sjkim long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx); 1472613Skris 1572613Skris=head1 DESCRIPTION 1672613Skris 17291719SjkimSSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain 18291719Sjkimcertificates associated with B<ctx>. Several certificates can be added one 19291719Sjkimafter another. 2072613Skris 21291719SjkimSSL_CTX_clear_extra_chain_certs() clears all extra chain certificates 22291719Sjkimassociated with B<ctx>. 23291719Sjkim 24291719SjkimThese functions are implemented as macros. 25291719Sjkim 2672613Skris=head1 NOTES 2772613Skris 28291719SjkimWhen sending a certificate chain, extra chain certificates are sent in order 29291719Sjkimfollowing the end entity certificate. 30291719Sjkim 31291719SjkimIf no chain is specified, the library will try to complete the chain from the 32291719Sjkimavailable CA certificates in the trusted CA storage, see 3372613SkrisL<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. 3472613Skris 35291719SjkimThe B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be 36291719Sjkimfreed by the library when the B<SSL_CTX> is destroyed. An application 37291719SjkimB<should not> free the B<x509> object. 38269682Sjkim 39269682Sjkim=head1 RESTRICTIONS 40269682Sjkim 41269682SjkimOnly one set of extra chain certificates can be specified per SSL_CTX 42269682Sjkimstructure. Different chains for different certificates (for example if both 43269682SjkimRSA and DSA certificates are specified by the same server) or different SSL 44269682Sjkimstructures with the same parent SSL_CTX cannot be specified using this 45290207Sjkimfunction. For more flexibility functions such as SSL_add1_chain_cert() should 46290207Sjkimbe used instead. 47269682Sjkim 4872613Skris=head1 RETURN VALUES 4972613Skris 50291719SjkimSSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return 51291719Sjkim1 on success and 0 for failure. Check out the error stack to find out the 52291719Sjkimreason for failure. 5372613Skris 5472613Skris=head1 SEE ALSO 5572613Skris 5672613SkrisL<ssl(3)|ssl(3)>, 5772613SkrisL<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>, 58100928SnectarL<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>, 5972613SkrisL<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 60290207SjkimL<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)> 61290207SjkimL<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)> 62290207SjkimL<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)> 63290207SjkimL<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)> 64290207SjkimL<SSL_set0_chain(3)|SSL_set0_chain(3)> 65290207SjkimL<SSL_set1_chain(3)|SSL_set1_chain(3)> 66290207SjkimL<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)> 67290207SjkimL<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)> 68290207SjkimL<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)> 69290207SjkimL<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)> 7072613Skris 7172613Skris=cut 72