5 SSL_CTX_add_extra_chain_cert,
6 SSL_CTX_get_extra_chain_certs,
7 SSL_CTX_get_extra_chain_certs_only,
8 SSL_CTX_clear_extra_chain_certs
9 - add, get or clear extra chain certificates
13 #include <openssl/ssl.h>
15 long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
16 long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
17 long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
18 long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
22 SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
23 certificates associated with B<ctx>. Several certificates can be added one
26 SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
27 associated with B<ctx>, or the chain associated with the current certificate
28 of B<ctx> if the extra chain is empty.
30 SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
31 associated with B<ctx>.
33 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
34 associated with B<ctx>.
36 These functions are implemented as macros.
40 When sending a certificate chain, extra chain certificates are sent in order
41 following the end entity certificate.
43 If no chain is specified, the library will try to complete the chain from the
44 available CA certificates in the trusted CA storage, see
45 L<SSL_CTX_load_verify_locations(3)>.
47 The B<x509> certificate provided to SSL_CTX_add_extra_chain_cert() will be
48 freed by the library when the B<SSL_CTX> is destroyed. An application
49 B<should not> free the B<x509> object.
53 Only one set of extra chain certificates can be specified per SSL_CTX
54 structure. Different chains for different certificates (for example if both
55 RSA and DSA certificates are specified by the same server) or different SSL
56 structures with the same parent SSL_CTX cannot be specified using this
57 function. For more flexibility functions such as SSL_add1_chain_cert() should
62 SSL_CTX_add_extra_chain_cert() and SSL_CTX_clear_extra_chain_certs() return
63 1 on success and 0 for failure. Check out the error stack to find out the
69 L<SSL_CTX_use_certificate(3)>,
70 L<SSL_CTX_set_client_cert_cb(3)>,
71 L<SSL_CTX_load_verify_locations(3)>
72 L<SSL_CTX_set0_chain(3)>
73 L<SSL_CTX_set1_chain(3)>
74 L<SSL_CTX_add0_chain_cert(3)>
75 L<SSL_CTX_add1_chain_cert(3)>
78 L<SSL_add0_chain_cert(3)>
79 L<SSL_add1_chain_cert(3)>
80 L<SSL_CTX_build_cert_chain(3)>
81 L<SSL_build_cert_chain(3)>
85 Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
87 Licensed under the OpenSSL license (the "License"). You may not use
88 this file except in compliance with the License. You can obtain a copy
89 in the file LICENSE in the source distribution or at
90 L<https://www.openssl.org/source/license.html>.