Update the *use_certificate* docs

Note that calling the *use_certificate* functions will replace any existing
certificate of the same type. The same thing applies for private keys.

Fixes #2147

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6092)

diff --git a/doc/man3/SSL_CTX_use_certificate.pod b/doc/man3/SSL_CTX_use_certificate.pod
index 4dff79cee22c290cf61f19c09e59614899215750..b065d8f9e5cb38ca8ebc4d538b6f191c0347fd23 100644 (file)
--- a/doc/man3/SSL_CTX_use_certificate.pod
+++ b/doc/man3/SSL_CTX_use_certificate.pod
@@ -170,6 +170,13 @@ L<SSL_CTX_set_default_passwd_cb(3)>.
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
 
 of view, it however does not make sense as the data in the certificate
 is considered public anyway.)
 

+All of the functions to set a new certificate will replace any existing
+certificate of the same type that has already been set. Similarly all of the
+functions to set a new private key will replace any private key that has already
+been set. Applications should call L<SSL_CTX_check_private_key(3)> or
+L<SSL_check_private_key(3)> as appropriate after loading a new certificate and
+private key to confirm that the certificate and key match.
+

 =head1 RETURN VALUES
 
 On success, the functions return 1.
 =head1 RETURN VALUES
 
 On success, the functions return 1.