X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fssl%2FSSL_CTX_add1_chain_cert.pod;h=e294afe253b866fa4b086e8a4d3d3804dd5cfdd6;hp=2d2161ae96b7d02015e2424f4cf63d105840a0ba;hb=daddd9a950e491c31f9500d5e570bc7eb96b2823;hpb=7b6b246fd393cbe07bc1f0d456140efdff59f971 diff --git a/doc/ssl/SSL_CTX_add1_chain_cert.pod b/doc/ssl/SSL_CTX_add1_chain_cert.pod index 2d2161ae96..e294afe253 100644 --- a/doc/ssl/SSL_CTX_add1_chain_cert.pod +++ b/doc/ssl/SSL_CTX_add1_chain_cert.pod @@ -7,7 +7,8 @@ SSL_CTX_add1_chain_cert, SSL_CTX_get0_chain_certs, SSL_CTX_clear_chain_certs, SSL_set0_chain, SSL_set1_chain, SSL_add0_chain_cert, SSL_add1_chain_cert, SSL_get0_chain_certs, SSL_clear_chain_certs, SSL_CTX_build_cert_chain, SSL_build_cert_chain, SSL_CTX_select_current_cert, -SSL_select_current_cert - extra chain certificate processing +SSL_select_current_cert, SSL_CTX_set_current_cert, SSL_set_current_cert - extra +chain certificate processing =head1 SYNOPSIS @@ -32,6 +33,8 @@ SSL_select_current_cert - extra chain certificate processing int SSL_CTX_select_current_cert(SSL_CTX *ctx, X509 *x509); int SSL_select_current_cert(SSL *ssl, X509 *x509); + int SSL_CTX_set_current_cert(SSL_CTX *ctx, long op); + int SSL_set_current_cert(SSL *ssl, long op); =head1 DESCRIPTION @@ -65,8 +68,22 @@ function such as SSL_CTX_use_certificate(). SSL_set0_chain(), SSL_set1_chain(), SSL_add0_chain_cert(), SSL_add1_chain_cert(), SSL_get0_chain_certs(), SSL_clear_chain_certs(), -SSL_build_cert_chain() and SSL_select_current_cert() are similar except they -apply to SSL structure B. +SSL_build_cert_chain(), SSL_select_current_cert() and SSL_set_current_cert() +are similar except they apply to SSL structure B. + +SSL_CTX_set_current_cert() changes the current certificate to a value based +on the B argument. Currently B can be B to use +the first valid certificate or B to set the next valid +certificate after the current certificate. These two operations can be +used to iterate over all certificates in an B structure. + +SSL_set_current_cert() also supports the option B. +If B is a server and has sent a certificate to a connected client +this option sets that certificate to the current certificate and returns 1. +If the negotiated ciphersuite is anonymous (and thus no certificate will +be sent) 2 is returned and the current certificate is unchanged. If B +is not a server or a certificate has not been sent 0 is returned and +the current certificate is unchanged. All these functions are implemented as macros. Those containing a B<1> increment the reference count of the supplied certificate or chain so it must