summaryrefslogtreecommitdiff
path: root/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
diff options
context:
space:
mode:
Diffstat (limited to 'secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3')
-rw-r--r--secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.366
1 files changed, 35 insertions, 31 deletions
diff --git a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3 b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
index 32db6fde693c9..dbe3e517ce447 100644
--- a/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
+++ b/secure/lib/libcrypto/man/SSL_CTX_add1_chain_cert.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 4.09 (Pod::Simple 3.35)
+.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -54,16 +54,20 @@
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
-.if !\nF .nr F 0
-.if \nF>0 \{\
-. de IX
-. tm Index:\\$1\t\\n%\t"\\$2"
+.nr rF 0
+.if \n(.g .if rF .nr rF 1
+.if (\n(rF:(\n(.g==0)) \{\
+. if \nF \{\
+. de IX
+. tm Index:\\$1\t\\n%\t"\\$2"
..
-. if !\nF==2 \{\
-. nr % 0
-. nr F 2
+. if !\nF==2 \{\
+. nr % 0
+. nr F 2
+. \}
. \}
.\}
+.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
@@ -129,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "SSL_CTX_ADD1_CHAIN_CERT 3"
-.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2018-11-20" "1.1.1a" "OpenSSL"
+.TH SSL_CTX_ADD1_CHAIN_CERT 3 "2019-02-26" "1.1.1b" "OpenSSL"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -165,21 +169,21 @@ SSL_CTX_set0_chain, SSL_CTX_set1_chain, SSL_CTX_add0_chain_cert, SSL_CTX_add1_ch
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
-\&\fISSL_CTX_set0_chain()\fR and \fISSL_CTX_set1_chain()\fR set the certificate chain
+\&\fBSSL_CTX_set0_chain()\fR and \fBSSL_CTX_set1_chain()\fR set the certificate chain
associated with the current certificate of \fBctx\fR to \fBsk\fR.
.PP
-\&\fISSL_CTX_add0_chain_cert()\fR and \fISSL_CTX_add1_chain_cert()\fR append the single
+\&\fBSSL_CTX_add0_chain_cert()\fR and \fBSSL_CTX_add1_chain_cert()\fR append the single
certificate \fBx509\fR to the chain associated with the current certificate of
\&\fBctx\fR.
.PP
-\&\fISSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
+\&\fBSSL_CTX_get0_chain_certs()\fR retrieves the chain associated with the current
certificate of \fBctx\fR.
.PP
-\&\fISSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
+\&\fBSSL_CTX_clear_chain_certs()\fR clears any existing chain associated with the
current certificate of \fBctx\fR. (This is implemented by calling
-\&\fISSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
+\&\fBSSL_CTX_set0_chain()\fR with \fBsk\fR set to \fB\s-1NULL\s0\fR).
.PP
-\&\fISSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
+\&\fBSSL_CTX_build_cert_chain()\fR builds the certificate chain for \fBctx\fR normally
this uses the chain store or the verify store if the chain store is not set.
If the function is successful the built chain will replace any existing chain.
The \fBflags\fR parameter can be set to \fB\s-1SSL_BUILD_CHAIN_FLAG_UNTRUSTED\s0\fR to use
@@ -195,22 +199,22 @@ Each of these functions operates on the \fIcurrent\fR end entity
(i.e. server or client) certificate. This is the last certificate loaded or
selected on the corresponding \fBctx\fR structure.
.PP
-\&\fISSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
+\&\fBSSL_CTX_select_current_cert()\fR selects \fBx509\fR as the current end entity
certificate, but only if \fBx509\fR has already been loaded into \fBctx\fR using a
-function such as \fISSL_CTX_use_certificate()\fR.
+function such as \fBSSL_CTX_use_certificate()\fR.
.PP
-\&\fISSL_set0_chain()\fR, \fISSL_set1_chain()\fR, \fISSL_add0_chain_cert()\fR,
-\&\fISSL_add1_chain_cert()\fR, \fISSL_get0_chain_certs()\fR, \fISSL_clear_chain_certs()\fR,
-\&\fISSL_build_cert_chain()\fR, \fISSL_select_current_cert()\fR and \fISSL_set_current_cert()\fR
+\&\fBSSL_set0_chain()\fR, \fBSSL_set1_chain()\fR, \fBSSL_add0_chain_cert()\fR,
+\&\fBSSL_add1_chain_cert()\fR, \fBSSL_get0_chain_certs()\fR, \fBSSL_clear_chain_certs()\fR,
+\&\fBSSL_build_cert_chain()\fR, \fBSSL_select_current_cert()\fR and \fBSSL_set_current_cert()\fR
are similar except they apply to \s-1SSL\s0 structure \fBssl\fR.
.PP
-\&\fISSL_CTX_set_current_cert()\fR changes the current certificate to a value based
+\&\fBSSL_CTX_set_current_cert()\fR changes the current certificate to a value based
on the \fBop\fR argument. Currently \fBop\fR can be \fB\s-1SSL_CERT_SET_FIRST\s0\fR to use
the first valid certificate or \fB\s-1SSL_CERT_SET_NEXT\s0\fR to set the next valid
certificate after the current certificate. These two operations can be
used to iterate over all certificates in an \fB\s-1SSL_CTX\s0\fR structure.
.PP
-\&\fISSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR.
+\&\fBSSL_set_current_cert()\fR also supports the option \fB\s-1SSL_CERT_SET_SERVER\s0\fR.
If \fBssl\fR is a server and has sent a certificate to a connected client
this option sets that certificate to the current certificate and returns 1.
If the negotiated cipher suite is anonymous (and thus no certificate will
@@ -226,48 +230,48 @@ not increment reference counts and the supplied certificate or chain
.SH "NOTES"
.IX Header "NOTES"
The chains associate with an \s-1SSL_CTX\s0 structure are copied to any \s-1SSL\s0
-structures when \fISSL_new()\fR is called. \s-1SSL\s0 structures will not be affected
+structures when \fBSSL_new()\fR is called. \s-1SSL\s0 structures will not be affected
by any chains subsequently changed in the parent \s-1SSL_CTX.\s0
.PP
One chain can be set for each key type supported by a server. So, for example,
an \s-1RSA\s0 and a \s-1DSA\s0 certificate can (and often will) have different chains.
.PP
-The functions \fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR can
+The functions \fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR can
be used to check application configuration and to ensure any necessary
subordinate CAs are sent in the correct order. Misconfigured applications
sending incorrect certificate chains often cause problems with peers.
.PP
For example an application can add any set of certificates using
-\&\fISSL_CTX_use_certificate_chain_file()\fR then call \fISSL_CTX_build_cert_chain()\fR
+\&\fBSSL_CTX_use_certificate_chain_file()\fR then call \fBSSL_CTX_build_cert_chain()\fR
with the option \fB\s-1SSL_BUILD_CHAIN_FLAG_CHECK\s0\fR to check and reorder them.
.PP
Applications can issue non fatal warnings when checking chains by setting
the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERRORS\s0\fR and checking the return
value.
.PP
-Calling \fISSL_CTX_build_cert_chain()\fR or \fISSL_build_cert_chain()\fR is more
+Calling \fBSSL_CTX_build_cert_chain()\fR or \fBSSL_build_cert_chain()\fR is more
efficient than the automatic chain building as it is only performed once.
Automatic chain building is performed on each new session.
.PP
If any certificates are added using these functions no certificates added
-using \fISSL_CTX_add_extra_chain_cert()\fR will be used.
+using \fBSSL_CTX_add_extra_chain_cert()\fR will be used.
.SH "RETURN VALUES"
.IX Header "RETURN VALUES"
-\&\fISSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if
+\&\fBSSL_set_current_cert()\fR with \fB\s-1SSL_CERT_SET_SERVER\s0\fR return 1 for success, 2 if
no server certificate is used because the cipher suites is anonymous and 0
for failure.
.PP
-\&\fISSL_CTX_build_cert_chain()\fR and \fISSL_build_cert_chain()\fR return 1 for success
+\&\fBSSL_CTX_build_cert_chain()\fR and \fBSSL_build_cert_chain()\fR return 1 for success
and 0 for failure. If the flag \fB\s-1SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR\s0\fR and
a verification error occurs then 2 is returned.
.PP
All other functions return 1 for success and 0 for failure.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
-\&\fISSL_CTX_add_extra_chain_cert\fR\|(3)
+\&\fBSSL_CTX_add_extra_chain_cert\fR\|(3)
.SH "HISTORY"
.IX Header "HISTORY"
-These functions were first added to OpenSSL 1.0.2.
+These functions were added in OpenSSL 1.0.2.
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright 2013\-2016 The OpenSSL Project Authors. All Rights Reserved.
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-13 17:16:37 +0000