SSL extra chain certificates doc

Signed-off-by: Antoine Salon <asalon@vmware.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7522)

diff --git a/doc/man3/SSL_CTX_add_extra_chain_cert.pod b/doc/man3/SSL_CTX_add_extra_chain_cert.pod
index 05d17f8b0f671b1d62a9e3722b5c546b1ff6059d..6e429c31bd9b590a6491ece1caa59e48db3fb769 100644 (file)
--- a/doc/man3/SSL_CTX_add_extra_chain_cert.pod
+++ b/doc/man3/SSL_CTX_add_extra_chain_cert.pod
@@ -2,14 +2,19 @@
 
 =head1 NAME
 
-SSL_CTX_add_extra_chain_cert, SSL_CTX_clear_extra_chain_certs - add or clear
-extra chain certificates
+SSL_CTX_add_extra_chain_cert,
+SSL_CTX_get_extra_chain_certs,
+SSL_CTX_get_extra_chain_certs_only,
+SSL_CTX_clear_extra_chain_certs
+- add, get or clear extra chain certificates
 
 =head1 SYNOPSIS
 
  #include <openssl/ssl.h>
 
  long SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *x509);
+ long SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **sk);
+ long SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **sk);
  long SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx);
 
 =head1 DESCRIPTION
@@ -18,6 +23,13 @@ SSL_CTX_add_extra_chain_cert() adds the certificate B<x509> to the extra chain
 certificates associated with B<ctx>. Several certificates can be added one
 after another.
 
+SSL_CTX_get_extra_chain_certs() retrieves the extra chain certificates
+associated with B<ctx>, or the chain associated with the current certificate
+of B<ctx> if the extra chain is empty.
+
+SSL_CTX_get_extra_chain_certs_only() retrieves the extra chain certificates
+associated with B<ctx>.
+
 SSL_CTX_clear_extra_chain_certs() clears all extra chain certificates
 associated with B<ctx>.
 
@@ -70,7 +82,7 @@ L<SSL_build_cert_chain(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the OpenSSL license (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

diff --git a/doc/man7/ssl.pod b/doc/man7/ssl.pod
index d439860b5b5b5210e0ece76d51bb65f3d80d173b..6cc1c4bcffb9c555fd6e353908d1d1b1904e76ad 100644 (file)
--- a/doc/man7/ssl.pod
+++ b/doc/man7/ssl.pod
@@ -254,6 +254,10 @@ protocol context defined in the B<SSL_CTX> structure.
 
 =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
 
+=item long B<SSL_CTX_get_extra_chain_certs>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
+=item long B<SSL_CTX_get_extra_chain_certs_only>(SSL_CTX *ctx, STACK_OF(X509) **sk);
+
 =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
 
 =item int B<SSL_CTX_get_quiet_shutdown>(const SSL_CTX *ctx);

diff --git a/util/private.num b/util/private.num
index c5f34314f170c0b7eaaf5e4b6973ad0cd52e40f7..4a0ed292ec1da21f8d912bb5a19c75ebad8eb2d9 100644 (file)
--- a/util/private.num
+++ b/util/private.num
@@ -324,6 +324,8 @@ SSL_CTX_disable_ct                      define
 SSL_CTX_generate_session_ticket_fn      define
 SSL_CTX_get0_chain_certs                define
 SSL_CTX_get_default_read_ahead          define
+SSL_CTX_get_extra_chain_certs           define
+SSL_CTX_get_extra_chain_certs_only      define
 SSL_CTX_get_max_cert_list               define
 SSL_CTX_get_max_proto_version           define
 SSL_CTX_get_min_proto_version           define