to omit the root CA from the built chain, B<SSL_BUILD_CHAIN_FLAG_CHECK> to
use all existing chain certificates only to build the chain (effectively
sanity checking and rearranging them if necessary), the flag
-B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification.
+B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> ignores any errors during verification:
+if flag B<SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR> is also set verification errors
+are cleared from the error queue.
Each of these functions operates on the I<current> end entity
(i.e. server or client) certificate. This is the last certificate loaded or
SSL_CTX_use_certificate_chain_file() then call SSL_CTX_build_cert_chain()
with the option B<SSL_BUILD_CHAIN_FLAG_CHECK> to check and reorder them.
+Applications can issue non fatal warnings when checking chains by setting
+the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS> and checking the return
+value.
+
Calling SSL_CTX_build_cert_chain() or SSL_build_cert_chain() is more
efficient than the automatic chain building as it is only performed once.
Automatic chain building is performed on each new session.
no server certificate is used because the ciphersuites is anonymous and 0
for failure.
+SSL_CTX_build_cert_chain() and SSL_build_cert_chain() return 1 for success
+and 0 for failure. If the flag B<SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR> and
+a verification error occurs then 2 is returned.
+
All other functions return 1 for success and 0 for failure.
=head1 SEE ALSO
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_add_extra_chain_cert(3)>
=head1 HISTORY
These functions were first added to OpenSSL 1.0.2.
+=head1 COPYRIGHT
+
+Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License"). You may not use
+this file except in compliance with the License. You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
=cut