mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

Update docs.

Browse Source 
Clarify and update documention for extra chain certificates.

PR#3878.

Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-06-17 01:13:40 +01:00
parent 6d5f8265ce
commit 2fd7fb99db
1 changed files with 23 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
doc/ssl/SSL_CTX_add_extra_chain_cert.pod
View File

@ -2,29 +2,39 @@
=head1 NAME =head1 NAME
SSL_CTX_add_extra_chain_cert - add certificate to chain SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
extra chain certificates
=head1 SYNOPSIS =head1 SYNOPSIS
#include <openssl/ssl.h> #include <openssl/ssl.h>
long SSL_CTX_add_extra_chain_cert(SSL_CTX ctx, X509 *x509) long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
=head1 DESCRIPTION =head1 DESCRIPTION
SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the certificate SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
chain presented together with the certificate. Several certificates certificates associated with B<ctx>. Several certificates can be added one
can be added one after the other. after another.
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
associated with B<ctx>.
These functions are implemented as macros.
=head1 NOTES =head1 NOTES
When constructing the certificate chain, the chain will be formed from When sending a certificate chain, extra chain certificates are sent in order
these certificates explicitly specified. If no chain is specified, following the end entity certificate.
the library will try to complete the chain from the available CA
certificates in the trusted CA storage, see If no chain is specified, the library will try to complete the chain from the
available CA certificates in the trusted CA storage, see
L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>. L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the B<SSL_CTX> is destroyed. An application B<should not> free the B<x509> object. The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the B<SSL_CTX> is destroyed. An application
B<should not> free the B<x509> object.
=head1 RESTRICTIONS =head1 RESTRICTIONS
@ -37,8 +47,9 @@ be used instead.
=head1 RETURN VALUES =head1 RETURN VALUES
SSL_CTX_add_extra_chain_cert() returns 1 on success. Check out the SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
error stack to find out the reason for failure otherwise. 1 on success and 0 for failure. Check out the error stack to find out the
reason for failure.
=head1 SEE ALSO =head1 SEE ALSO