"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/doc/ssl/SSL_CTX_add_extra_chain_cert.pod" (20 Nov 2018, 2461 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:

Caution: As a special service "Fossies" has tried to format the requested pod source page into HTML format but links to other pod pages may be missing or even errorneous. Alternatively you can here view or download the uninterpreted pod source code. A member file download can also be achieved by clicking within a package contents listing on the according byte size field. See also the last Fossies "Diffs" side-by-side code changes report for "SSL_CTX_add_extra_chain_cert.pod": 1.1.0g_vs_1.1.1-pre2.


SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear extra chain certificates


 #include <openssl/ssl.h>

 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
 long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);


SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain certificates associated with ctx. Several certificates can be added one after another.

SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates associated with ctx.

These functions are implemented as macros.


When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate.

If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations(3).

The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be freed by the library when the SSL_CTX is destroyed. An application should not free the x509 object.


Only one set of extra chain certificates can be specified per SSL_CTX structure. Different chains for different certificates (for example if both RSA and DSA certificates are specified by the same server) or different SSL structures with the same parent SSL_CTX cannot be specified using this function. For more flexibility functions such as SSL_add1_chain_cert() should be used instead.


SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return 1 on success and 0 for failure. Check out the error stack to find out the reason for failure.


ssl(3), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3), SSL_CTX_load_verify_locations(3) SSL_CTX_set0_chain(3) SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3) SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3) SSL_add0_chain_cert(3) SSL_add1_chain_cert(3) SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)