xref: /freebsd-src/crypto/openssl/doc/man3/SSL_CTX_add_extra_chain_cert.pod (revision b077aed33b7b6aefca7b17ddb250cf521f938613)
1e71b7053SJung-uk Kim=pod
2e71b7053SJung-uk Kim
3e71b7053SJung-uk Kim=head1 NAME
4e71b7053SJung-uk Kim
5*b077aed3SPierre ProncherySSL_CTX_add_extra_chain_cert,
6*b077aed3SPierre ProncherySSL_CTX_get_extra_chain_certs,
7*b077aed3SPierre ProncherySSL_CTX_get_extra_chain_certs_only,
8*b077aed3SPierre ProncherySSL_CTX_clear_extra_chain_certs
9*b077aed3SPierre Pronchery- add, get or clear extra chain certificates
10e71b7053SJung-uk Kim
11e71b7053SJung-uk Kim=head1 SYNOPSIS
12e71b7053SJung-uk Kim
13e71b7053SJung-uk Kim #include <openssl/ssl.h>
14e71b7053SJung-uk Kim
15e71b7053SJung-uk Kim long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
16*b077aed3SPierre Pronchery long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
17*b077aed3SPierre Pronchery long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
18e71b7053SJung-uk Kim long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
19e71b7053SJung-uk Kim
20e71b7053SJung-uk Kim=head1 DESCRIPTION
21e71b7053SJung-uk Kim
22e71b7053SJung-uk KimSSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
23e71b7053SJung-uk Kimcertificates associated with B<ctx>. Several certificates can be added one
24e71b7053SJung-uk Kimafter another.
25e71b7053SJung-uk Kim
SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
associated with B<ctx>, or the chain associated with the current certificate
of B<ctx> if the extra chain is empty. The stack is returned through B<sk>.
The returned stack remains owned by the library and should not be freed by
the caller.
30*b077aed3SPierre Pronchery
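SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
associated with B<ctx>. Unlike SSL_CTX_get_extra_chain_certs(), it does not
fall back to the chain of the current certificate when the extra chain is
empty. The stack is returned through B<sk>.
The returned stack remains owned by the library and should not be freed by
the caller.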
34*b077aed3SPierre Pronchery
35e71b7053SJung-uk KimSSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
36e71b7053SJung-uk Kimassociated with B<ctx>.
37e71b7053SJung-uk Kim
38e71b7053SJung-uk KimThese functions are implemented as macros.
39e71b7053SJung-uk Kim
40e71b7053SJung-uk Kim=head1 NOTES
41e71b7053SJung-uk Kim
42e71b7053SJung-uk KimWhen sending a certificate chain, extra chain certificates are sent in order
43e71b7053SJung-uk Kimfollowing the end entity certificate.
44e71b7053SJung-uk Kim
45e71b7053SJung-uk KimIf no chain is specified, the library will try to complete the chain from the
46e71b7053SJung-uk Kimavailable CA certificates in the trusted CA storage, see
47e71b7053SJung-uk KimL<SSL_CTX_load_verify_locations(3)>.
48e71b7053SJung-uk Kim
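The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
freed by the library when the B<SSL_CTX> is destroyed. An application
B<should not> free the B<x509> object after a successful call: the B<SSL_CTX>
stores the pointer without taking an additional reference, so freeing it
leaves the context holding a dangling pointer and leads to a use-after-free
or a double free. An application that needs to keep using the certificate
should take its own reference with X509_up_ref() before the call. If the call
fails, ownership is not transferred and the application remains responsible
for freeing B<x509>.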
52e71b7053SJung-uk Kim
53e71b7053SJung-uk Kim=head1 RESTRICTIONS
54e71b7053SJung-uk Kim
Only one set of extra chain certificates can be specified per SSL_CTX
structure. Different chains for different certificates (for example if both
RSA and DSA certificates are specified by the same server) or different SSL
structures with the same parent SSL_CTX cannot be specified using this
function. For more flexibility, functions such as SSL_add1_chain_cert() should
be used instead.
61e71b7053SJung-uk Kim
62e71b7053SJung-uk Kim=head1 RETURN VALUES
63e71b7053SJung-uk Kim
SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
1 on success and 0 for failure. Check the error stack to find out the
reason for failure.
67e71b7053SJung-uk Kim
68e71b7053SJung-uk Kim=head1 SEE ALSO
69e71b7053SJung-uk Kim
L<ssl(7)>,
L<SSL_CTX_use_certificate(3)>,
L<SSL_CTX_set_client_cert_cb(3)>,
L<SSL_CTX_load_verify_locations(3)>,
L<SSL_CTX_set0_chain(3)>,
L<SSL_CTX_set1_chain(3)>,
L<SSL_CTX_add0_chain_cert(3)>,
L<SSL_CTX_add1_chain_cert(3)>,
L<SSL_set0_chain(3)>,
L<SSL_set1_chain(3)>,
L<SSL_add0_chain_cert(3)>,
L<SSL_add1_chain_cert(3)>,
L<SSL_CTX_build_cert_chain(3)>,
L<SSL_build_cert_chain(3)>
84e71b7053SJung-uk Kim
85e71b7053SJung-uk Kim=head1 COPYRIGHT
86e71b7053SJung-uk Kim
87*b077aed3SPierre ProncheryCopyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
88e71b7053SJung-uk Kim
89*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
90e71b7053SJung-uk Kimthis file except in compliance with the License.  You can obtain a copy
91e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at
92e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>.
93e71b7053SJung-uk Kim
94e71b7053SJung-uk Kim=cut
95