SSL extra chain certificates doc

Signed-off-by: Antoine Salon <asalon@vmware.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7522)
2025-03-31 20:10:45 +08:00 · 2018-10-16 09:07:00 -07:00 · 2018-10-16 09:07:00 -07:00 · dc703d6b46
commit dc703d6b46
parent 65d2c16cbe
3 changed files with 21 additions and 3 deletions
--- a/doc/man3/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/man3/SSL_CTX_add_extra_chain_cert.pod
@ -2,14 +2,19 @@

 =head1 NAME

-SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
-extra chain certificates
+SSL_CTX_add_extra_chain_cert,
+SSL_CTX_get_extra_chain_certs,
+SSL_CTX_get_extra_chain_certs_only,
+SSL_CTX_clear_extra_chain_certs
+- add, get or clear extra chain certificates

 =head1 SYNOPSIS

 #include <openssl/ssl.h>

 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+ long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
 long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);

 =head1 DESCRIPTION
@ -18,6 +23,13 @@ SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
 certificates associated with B<ctx>. Several certificates can be added one
 after another.

+SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
+associated with B<ctx>, or the chain associated with the current certificate
+of B<ctx> if the extra chain is empty.
+
+SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
+associated with B<ctx>.
+
 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
 associated with B<ctx>.

@ -70,7 +82,7 @@ L<SSL_build_cert_chain(3)>

 =head1 COPYRIGHT

-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.

 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@ -254,6 +254,10 @@ protocol context defined in the B<SSL_CTX> structure.

 =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))

+=item long B<SSL_CTX_get_extra_chain_certs>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
+=item long B<SSL_CTX_get_extra_chain_certs_only>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
 =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);

 =item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);
--- a/util/private.num
+++ b/util/private.num
@ -324,6 +324,8 @@ SSL_CTX_disable_ct                      define
 SSL_CTX_generate_session_ticket_fn      define
 SSL_CTX_get0_chain_certs                define
 SSL_CTX_get_default_read_ahead          define
+SSL_CTX_get_extra_chain_certs           define
+SSL_CTX_get_extra_chain_certs_only      define
 SSL_CTX_get_max_cert_list               define
 SSL_CTX_get_max_proto_version           define
 SSL_CTX_get_min_proto_version           define