SSL_CTX_add_extra_chain_cert.pod revision 291719 
1207753Smm=pod
2207753Smm
3207753Smm=head1 NAME
4207753Smm
5207753SmmSSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
6207753Smmextra chain certificates
7207753Smm
8207753Smm=head1 SYNOPSIS
9207753Smm
10207753Smm #include <openssl/ssl.h>
11207753Smm
12207753Smm long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
13207753Smm long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
14207753Smm
15207753Smm=head1 DESCRIPTION
16207753Smm
17207753SmmSSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
18207753Smmcertificates associated with B<ctx>. Several certificates can be added one
19207753Smmafter another.
20207753Smm
21207753SmmSSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
22207753Smmassociated with B<ctx>.
23207753Smm
24These functions are implemented as macros.
25
26=head1 NOTES
27
28When sending a certificate chain, extra chain certificates are sent in order
29following the end entity certificate.
30
31If no chain is specified, the library will try to complete the chain from the
32available CA certificates in the trusted CA storage, see
33L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
34
35The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
36freed by the library when the B<SSL_CTX> is destroyed. An application
37B<should not> free the B<x509> object.
38
39=head1 RESTRICTIONS
40
41Only one set of extra chain certificates can be specified per SSL_CTX
42structure. Different chains for different certificates (for example if both
43RSA and DSA certificates are specified by the same server) or different SSL
44structures with the same parent SSL_CTX cannot be specified using this
45function. For more flexibility functions such as SSL_add1_chain_cert() should
46be used instead.
47
48=head1 RETURN VALUES
49
50SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
511 on success and 0 for failure. Check out the error stack to find out the
52reason for failure.
53
54=head1 SEE ALSO
55
56L<ssl(3)|ssl(3)>,
57L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
58L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
59L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
60L<SSL_CTX_set0_chain(3)|SSL_CTX_set0_chain(3)>
61L<SSL_CTX_set1_chain(3)|SSL_CTX_set1_chain(3)>
62L<SSL_CTX_add0_chain_cert(3)|SSL_CTX_add0_chain_cert(3)>
63L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>
64L<SSL_set0_chain(3)|SSL_set0_chain(3)>
65L<SSL_set1_chain(3)|SSL_set1_chain(3)>
66L<SSL_add0_chain_cert(3)|SSL_add0_chain_cert(3)>
67L<SSL_add1_chain_cert(3)|SSL_add1_chain_cert(3)>
68L<SSL_CTX_build_cert_chain(3)|SSL_CTX_build_cert_chain(3)>
69L<SSL_build_cert_chain(3)|SSL_build_cert_chain(3)>
70
71=cut
72