current certificate of B<ctx>. (This is implemented by calling
SSL_CTX_set0_chain() with B<sk> set to B<NULL>).
-SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
-this uses the chain store or the verify store if the chain store is not set.
+SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
+Normally this uses the chain store
+or the verify store if the chain store is not set.
If the function is successful the built chain will replace any existing chain.
The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use
existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT>
B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification:
if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors
are cleared from the error queue.
+Details of the chain building process are described in
+L<openssl-verification-options(1)/Certification Path Building>.
Each of these functions operates on the I<current> end entity
(i.e. server or client) certificate. This is the last certificate loaded or
SSL_set_current_cert() also supports the option B<SSL_CERT_SET_SERVER>.
If B<ssl> is a server and has sent a certificate to a connected client
this option sets that certificate to the current certificate and returns 1.
-If the negotiated ciphersuite is anonymous (and thus no certificate will
+If the negotiated cipher suite is anonymous (and thus no certificate will
be sent) 2 is returned and the current certificate is unchanged. If B<ssl>
is not a server or a certificate has not been sent 0 is returned and
the current certificate is unchanged.
=head1 RETURN VALUES
SSL_set_current_cert() with B<SSL_CERT_SET_SERVER> return 1 for success, 2 if
-no server certificate is used because the ciphersuites is anonymous and 0
+no server certificate is used because the cipher suites is anonymous and 0
for failure.
SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success
=head1 SEE ALSO
+L<ssl(7)>,
L<SSL_CTX_add_extra_chain_cert(3)>
=head1 HISTORY
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
=head1 COPYRIGHT
-Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.