X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=doc%2Fssl%2FSSL_CTX_load_verify_locations.pod;h=0e2d2179c8c1ce7f503f70d2f173515508869dde;hp=aeeee1a3bed6ce6249d6ca5925d862ee4f24e794;hb=66ebbb6a56bc1688fa37878e4feec985b0c260d7;hpb=553615f500fbfaf3ab3591d1d9a96e13308138e8;ds=sidebyside

diff --git a/doc/ssl/SSL_CTX_load_verify_locations.pod b/doc/ssl/SSL_CTX_load_verify_locations.pod
index aeeee1a3be..0e2d2179c8 100644
--- a/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ b/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -46,7 +46,7 @@ is performed in the ordering of the extension number, regardless of other
 properties of the certificates.
 Use the B<c_rehash> utility to create the necessary links.
 
-The certificates in B<CAfile> are only looked up when required, e.g. when
+The certificates in B<CApath> are only looked up when required, e.g. when
 building the certificate chain or when actually performing the verification
 of a peer certificate.
 
@@ -62,6 +62,12 @@ matching the parameters is found, the verification process will be performed;
 no other certificates for the same parameters will be searched in case of
 failure.
 
+When building its own certificate chain, an OpenSSL client/server will
+try to fill in missing certificates from B<CAfile>/B<CApath>, if the
+certificate chain was not explicitely specified (see
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>.
+
 =head1 WARNINGS
 
 If several CA certificates matching the name, key identifier, and serial
@@ -110,6 +116,9 @@ The operation succeeded.
 
 L<ssl(3)|ssl(3)>,
 L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
-L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>
+L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+
 
 =cut