ex_data part 2: doc fixes and CRYPTO_free_ex_index.

[openssl.git] / doc / ssl / SSL_CTX_use_certificate.pod

diff --git a/doc/ssl/SSL_CTX_use_certificate.pod b/doc/ssl/SSL_CTX_use_certificate.pod
index 80321b8580e3f8e5f88acc3f5802d09e3b620855..2bb0ea60b5e87d4b0d6871fa13c7ae0192a5bfe5 100644 (file)
--- a/doc/ssl/SSL_CTX_use_certificate.pod
+++ b/doc/ssl/SSL_CTX_use_certificate.pod
@@ -16,6 +16,7 @@ SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_f
  int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
 
  int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+ int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
 
  int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
  int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, unsigned char *d,
@@ -41,18 +42,18 @@ or SSL object, respectively.
 
 The SSL_CTX_* class of functions loads the certificates and keys into the
 SSL_CTX object B<ctx>. The information is passed to SSL objects B<ssl>
-created from B<ctx> with L<SSL_new(3)|SSL_new(3)> by copying, so that
+created from B<ctx> with L<SSL_new(3)> by copying, so that
 changes applied to B<ctx> do not propagate to already existing SSL objects.
 
 The SSL_* class of functions only loads certificates and keys into a
 specific SSL object. The specific information is kept, when
-L<SSL_clear(3)|SSL_clear(3)> is called for this SSL object.
+L<SSL_clear(3)> is called for this SSL object.
 
 SSL_CTX_use_certificate() loads the certificate B<x> into B<ctx>,
 SSL_use_certificate() loads B<x> into B<ssl>. The rest of the
 certificates needed to form the complete certificate chain can be
 specified using the
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_add_extra_chain_cert(3)>
 function.
 
 SSL_CTX_use_certificate_ASN1() loads the ASN1 encoded certificate from
@@ -70,8 +71,8 @@ SSL_CTX_use_certificate_chain_file() loads a certificate chain from
 B<file> into B<ctx>. The certificates must be in PEM format and must
 be sorted starting with the subject's certificate (actual client or server
 certificate), followed by intermediate CA certificates if applicable, and
-ending at the highest level (root) CA.
-There is no corresponding function working on a single SSL object.
+ending at the highest level (root) CA. SSL_use_certificate_chain_file() is
+similar except it loads the cerificate chain into B<ssl>.
 
 SSL_CTX_use_PrivateKey() adds B<pkey> as private key to B<ctx>.
 SSL_CTX_use_RSAPrivateKey() adds the private key B<rsa> of type RSA
@@ -111,7 +112,7 @@ this B<ssl>, the last item added into B<ctx> will be checked.
   
 The internal certificate store of OpenSSL can hold several private
 key/certificate pairs at a time. The certificate used depends on the
-cipher selected, see also L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>.
+cipher selected, see also L<SSL_CTX_set_cipher_list(3)>.
 
 When reading certificates and private keys from file, files of type
 SSL_FILETYPE_ASN1 (also known as B<DER>, binary encoding) can only contain
@@ -121,7 +122,7 @@ Files of type SSL_FILETYPE_PEM can contain more than one item.
 
 SSL_CTX_use_certificate_chain_file() adds the first certificate found
 in the file to the certificate store. The other certificates are added
-to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)|SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single
+to the store of chain certificates using L<SSL_CTX_add1_chain_cert(3)>. Note: versions of OpenSSL before 1.0.2 only had a single
 certificate chain store for all certificate types, OpenSSL 1.0.2 and later
 have a separate chain store for each type. SSL_CTX_use_certificate_chain_file() 
 should be used instead of the SSL_CTX_use_certificate_file() function in order
@@ -132,12 +133,12 @@ the trusted CA storage.
 If additional certificates are needed to complete the chain during the
 TLS negotiation, CA certificates are additionally looked up in the
 locations of trusted CA certificates, see
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
+L<SSL_CTX_load_verify_locations(3)>.
 
 The private keys loaded from file can be encrypted. In order to successfully
 load encrypted keys, a function returning the passphrase must have been
 supplied, see
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>.
+L<SSL_CTX_set_default_passwd_cb(3)>.
 (Certificate files might be encrypted as well from the technical point
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
@@ -149,17 +150,11 @@ Otherwise check out the error stack to find out the reason.
 
 =head1 SEE ALSO
 
-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
-L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
-L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
-L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
-
-=head1 HISTORY
-
-Support for DER encoded private keys (SSL_FILETYPE_ASN1) in
-SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file() was added
-in 0.9.8 .
+L<ssl(3)>, L<SSL_new(3)>, L<SSL_clear(3)>,
+L<SSL_CTX_load_verify_locations(3)>,
+L<SSL_CTX_set_default_passwd_cb(3)>,
+L<SSL_CTX_set_cipher_list(3)>,
+L<SSL_CTX_set_client_cert_cb(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)>
 
 =cut