|SSL_CTX_ADD_EXTRA_CHAIN_CERT(3)||Library Functions Manual||SSL_CTX_ADD_EXTRA_CHAIN_CERT(3)|
SSL_CTX_add_extra_chain_cert() adds the certificate x509 to the extra chain certificates associated with ctx. Several certificates can be added one after another.
an internal pointer to the stack of extra chain certificates associated with
all extra chain certificates associated with ctx.
These functions are implemented as macros.
When sending a certificate chain, extra chain certificates are sent in order following the end entity certificate.
If no chain is specified, the library will try to complete the chain from the available CA certificates in the trusted CA storage, see SSL_CTX_load_verify_locations(3).
The x509 certificate provided to
SSL_CTX_add_extra_chain_cert() will be freed by the
library when the SSL_CTX is destroyed. An application
should not free the x509 object, nor the
*certs object retrieved by
SSL_CTX_add_extra_chain_cert() first appeared in SSLeay 0.9.1 and has been available since OpenBSD 2.6.
SSL_CTX_clear_extra_chain_certs() first appeared in
OpenSSL 1.0.1 and have been available since OpenBSD
SSL_CTX_add_extra_chain_cert() are ignored when certificates are also available that have been added using the functions documented in SSL_CTX_set1_chain(3).
Only one set of extra chain certificates can be specified per
SSL_CTX structure using
SSL_CTX_add_extra_chain_cert(). Different chains for
different certificates (for example if both RSA and DSA certificates are
specified by the same server) or different SSL structures with the same
parent SSL_CTX require using the functions documented
|April 5, 2019||OpenBSD-current|