1SSL_CTX_ADD_EXTRA_CHAIN_CERT(3ossl) OpenSSLSSL_CTX_ADD_EXTRA_CHAIN_CERT(3ossl)
2
3
4

NAME

6       SSL_CTX_add_extra_chain_cert, SSL_CTX_get_extra_chain_certs,
7       SSL_CTX_get_extra_chain_certs_only, SSL_CTX_clear_extra_chain_certs -
8       add, get or clear extra chain certificates
9

SYNOPSIS

11        #include <openssl/ssl.h>
12
13        long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
14        long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
15        long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
16        long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
17

DESCRIPTION

19       SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra
20       chain certificates associated with ctx. Several certificates can be
21       added one after another.
22
23       SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
24       associated with ctx, or the chain associated with the current
25       certificate of ctx if the extra chain is empty.  The returned stack
26       should not be freed by the caller.
27
28       SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain
29       certificates associated with ctx.  The returned stack should not be
30       freed by the caller.
31
32       SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
33       associated with ctx.
34
35       These functions are implemented as macros.
36

NOTES

38       When sending a certificate chain, extra chain certificates are sent in
39       order following the end entity certificate.
40
41       If no chain is specified, the library will try to complete the chain
42       from the available CA certificates in the trusted CA storage, see
43       SSL_CTX_load_verify_locations(3).
44
45       The x509 certificate provided to SSL_CTX_add_extra_chain_cert() will be
46       freed by the library when the SSL_CTX is destroyed. An application
47       should not free the x509 object.
48

RESTRICTIONS

50       Only one set of extra chain certificates can be specified per SSL_CTX
51       structure. Different chains for different certificates (for example if
52       both RSA and DSA certificates are specified by the same server) or
53       different SSL structures with the same parent SSL_CTX cannot be
54       specified using this function. For more flexibility functions such as
55       SSL_add1_chain_cert() should be used instead.
56

RETURN VALUES

58       SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs()
59       return 1 on success and 0 for failure. Check out the error stack to
60       find out the reason for failure.
61

SEE ALSO

63       ssl(7), SSL_CTX_use_certificate(3), SSL_CTX_set_client_cert_cb(3),
64       SSL_CTX_load_verify_locations(3) SSL_CTX_set0_chain(3)
65       SSL_CTX_set1_chain(3) SSL_CTX_add0_chain_cert(3)
66       SSL_CTX_add1_chain_cert(3) SSL_set0_chain(3) SSL_set1_chain(3)
67       SSL_add0_chain_cert(3) SSL_add1_chain_cert(3)
68       SSL_CTX_build_cert_chain(3) SSL_build_cert_chain(3)
69
71       Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
72
73       Licensed under the Apache License 2.0 (the "License").  You may not use
74       this file except in compliance with the License.  You can obtain a copy
75       in the file LICENSE in the source distribution or at
76       <https://www.openssl.org/source/license.html>.
77
78
79
803.1.1                             2023-08-31SSL_CTX_ADD_EXTRA_CHAIN_CERT(3ossl)
Impressum