Added an explicit yield (OP_SLEEP) to QUIC testing for cooperative threading.

[openssl.git] / doc / man3 / SSL_CTX_add1_chain_cert.pod

diff --git a/doc/man3/SSL_CTX_add1_chain_cert.pod b/doc/man3/SSL_CTX_add1_chain_cert.pod
index 1f0418b249c3dad49408ff1fdf701a1431204c43..10afc71dc9b62d9dd29557653e1ecb241685d4c1 100644 (file)
--- a/doc/man3/SSL_CTX_add1_chain_cert.pod
+++ b/doc/man3/SSL_CTX_add1_chain_cert.pod
@@ -52,8 +52,9 @@ SSL_CTX_clear_chain_certs() clears any existing chain associated with the
 current certificate of B<ctx>.  (This is implemented by calling
 SSL_CTX_set0_chain() with B<sk> set to B<NULL>).
 
-SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx> normally
-this uses the chain store or the verify store if the chain store is not set.
+SSL_CTX_build_cert_chain() builds the certificate chain for B<ctx>.
+Normally this uses the chain store
+or the verify store if the chain store is not set.
 If the function is successful the built chain will replace any existing chain.
 The B<flags> parameter can be set to B<SSL_BUILD_CHAIN_FLAG_UNTRUSTED> to use
 existing chain certificates as untrusted CAs, B<SSL_BUILD_CHAIN_FLAG_NO_ROOT>
@@ -63,6 +64,8 @@ sanity checking and rearranging them if necessary), the flag
 B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification:
 if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors
 are cleared from the error queue.
+Details of the chain building process are described in
+L<openssl-verification-options(1)/Certification Path Building>.
 
 Each of these functions operates on the I<current> end entity
 (i.e. server or client) certificate. This is the last certificate loaded or
@@ -86,7 +89,7 @@ used to iterate over all certificates in an B<SSL_CTX> structure.
 SSL_set_current_cert() also supports the option B<SSL_CERT_SET_SERVER>.
 If B<ssl> is a server and has sent a certificate to a connected client
 this option sets that certificate to the current certificate and returns 1.
-If the negotiated ciphersuite is anonymous (and thus no certificate will
+If the negotiated cipher suite is anonymous (and thus no certificate will
 be sent) 2 is returned and the current certificate is unchanged. If B<ssl>
 is not a server or a certificate has not been sent 0 is returned and
 the current certificate is unchanged.
@@ -129,7 +132,7 @@ using SSL_CTX_add_extra_chain_cert() will be used.
 =head1 RETURN VALUES
 
 SSL_set_current_cert() with B<SSL_CERT_SET_SERVER> return 1 for success, 2 if
-no server certificate is used because the ciphersuites is anonymous and 0
+no server certificate is used because the cipher suites is anonymous and 0
 for failure.
 
 SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success
@@ -140,17 +143,18 @@ All other functions return 1 for success and 0 for failure.
 
 =head1 SEE ALSO
 
+L<ssl(7)>,
 L<SSL_CTX_add_extra_chain_cert(3)>
 
 =head1 HISTORY
 
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
 
 =head1 COPYRIGHT
 
-Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2021 The OpenSSL Project Authors. All Rights Reserved.
 
-Licensed under the OpenSSL license (the "License").  You may not use
+Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
 in the file LICENSE in the source distribution or at
 L<https://www.openssl.org/source/license.html>.