diff options
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3')
-rw-r--r-- | secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 | 66 |
1 files changed, 35 insertions, 31 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 index 32db6fde693c9..dbe3e517ce447 100644 --- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 +++ b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35) +.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== @@ -54,16 +54,20 @@ .\" Avoid warning from groff about undefined register 'F'. .de IX .. -.if !\nF .nr F 0 -.if \nF>0 \{\ -. de IX -. tm Index:\\$1\t\\n%\t"\\$2" +.nr rF 0 +.if \n(.g .if rF .nr rF 1 +.if (\n(rF:(\n(.g==0)) \{\ +. if \nF \{\ +. de IX +. tm Index:\\$1\t\\n%\t"\\$2" .. -. if !\nF==2 \{\ -. nr % 0 -. nr F 2 +. if !\nF==2 \{\ +. nr % 0 +. nr F 2 +. \} . \} .\} +.rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. @@ -129,7 +133,7 @@ .\" ======================================================================== .\" .IX Title "SSL_CTX_ADD1_CHAIN_CERT 3" -.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL" +.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -165,21 +169,21 @@ SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_ch .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" -\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain +\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain associated with the current certificate of \fBctx\fR to \fBsk\fR. .PP -\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single +\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single certificate \fBx509\fR to the chain associated with the current certificate of \&\fBctx\fR. .PP -\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current +\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current certificate of \fBctx\fR. .PP -\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the +\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the current certificate of \fBctx\fR. (This is implemented by calling -\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). +\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR). .PP -\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally +\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally this uses the chain store or the verify store if the chain store is not set. If the function is successful the built chain will replace any existing chain. The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use @@ -195,22 +199,22 @@ Each of these functions operates on the \fIcurrent\fR end entity (i.e. server or client) certificate. This is the last certificate loaded or selected on the corresponding \fBctx\fR structure. .PP -\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity +\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a -function such as \fISSL_CTX_use_certificate()\fR. +function such as \fBSSL_CTX_use_certificate()\fR. .PP -\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR, -\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR, -\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR +\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR, +\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR, +\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR are similar except they apply to \s-1SSL\s0 structure \fBssl\fR. .PP -\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based +\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid certificate after the current certificate. These two operations can be used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure. .PP -\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. +\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR. If \fBssl\fR is a server and has sent a certificate to a connected client this option sets that certificate to the current certificate and returns 1. If the negotiated cipher suite is anonymous (and thus no certificate will @@ -226,48 +230,48 @@ not increment reference counts and the supplied certificate or chain .SH "NOTES" .IX Header "NOTES" The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0 -structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected +structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected by any chains subsequently changed in the parent \s-1SSL_CTX.\s0 .PP One chain can be set for each key type supported by a server. So, for example, an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains. .PP -The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can +The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can be used to check application configuration and to ensure any necessary subordinate CAs are sent in the correct order. Misconfigured applications sending incorrect certificate chains often cause problems with peers. .PP For example an application can add any set of certificates using -\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR +\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them. .PP Applications can issue non fatal warnings when checking chains by setting the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return value. .PP -Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more +Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more efficient than the automatic chain building as it is only performed once. Automatic chain building is performed on each new session. .PP If any certificates are added using these functions no certificates added -using \fISSL_CTX_add_extra_chain_cert()\fR will be used. +using \fBSSL_CTX_add_extra_chain_cert()\fR will be used. .SH "RETURN VALUES" .IX Header "RETURN VALUES" -\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if +\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if no server certificate is used because the cipher suites is anonymous and 0 for failure. .PP -\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success +\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and a verification error occurs then 2 is returned. .PP All other functions return 1 for success and 0 for failure. .SH "SEE ALSO" .IX Header "SEE ALSO" -\&\fISSL_CTX_add_extra_chain_cert\fR\|(3) +\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3) .SH "HISTORY" .IX Header "HISTORY" -These functions were first added to OpenSSL 1.0.2. +These functions were added in OpenSSL 1.0.2. .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved. |