Sortix 1.1dev nightly manual
This manual documents Sortix 1.1dev nightly, a development build that has not been officially released. You can instead view this document in the latest official manual.
|SSL_CTX_ADD_EXTRA_CHAIN_CERT(3)||Library Functions Manual||SSL_CTX_ADD_EXTRA_CHAIN_CERT(3)|
add, retrieve, and clear extra chain certificates
SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509); long
SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **certs); long
SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs); long
SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain certificates associated with ctx. Several certificates can be added one after another.
SSL_CTX_get_extra_chain_certs_only() retrieves an internal pointer to the stack of extra chain certificates associated with ctx, or set *certs to
NULLif there are none.
SSL_CTX_get_extra_chain_certs() does the same except that it retrieves an internal pointer to the chain associated with the certificate if there are no extra chain certificates.
SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates associated with ctx. These functions are implemented as macros. When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate. If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations(3). The x509 certificate provided to
SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application should not free the x509 object, nor the *certs object retrieved by
SSL_CTX_get_extra_chain_certs(). ssl(3), SSL_CTX_add1_chain_cert(3), SSL_CTX_ctrl(3), SSL_CTX_load_verify_locations(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_use_certificate(3)
SSL_CTX_add_extra_chain_cert() first appeared in SSLeay 0.9.1 and has been available since OpenBSD 2.6.
SSL_CTX_clear_extra_chain_certs() first appeared in OpenSSL 1.0.1 and have been available since OpenBSD 5.3.
SSL_CTX_get_extra_chain_certs_only() first appeared in OpenSSL 1.0.2 and has been available since OpenBSD 6.7.
SSL_CTX_add_extra_chain_cert() are ignored when certificates are also available that have been added using the functions documented in SSL_CTX_set1_chain(3). Only one set of extra chain certificates can be specified per SSL_CTX structure using
SSL_CTX_add_extra_chain_cert(). Different chains for different certificates (for example if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX require using the functions documented in SSL_CTX_set1_chain(3) instead.
|January 2, 2020||Debian|